OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks | IEEE Conference Publication | IEEE Xplore


Abstract:

Security and authentication are ubiquitous problems that impact all modern networked systems. Password-based authentication systems are still prevalent, and information leaked via other channels may be used to attack networked systems. Researchers have previously used email addresses as an identifier in leaked data breach information to understand password reuse and behaviours, but this has its limitations. In this work, we explore the use of passwords themselves as identifiers in linking accounts together to provide an alternative view of large-scale reuse. We filter for high entropy passwords on the Compilation of Many Breaches (COMB) data set, which contains 3.2 billion email/password combinations. Using this approach, we find that passwords are reused 13 times on average, with a username reuse rate of 66.7% (compared to 40% when considering email mergers). We identify that potentially malicious actors are engaging in large-scale email and password generation and reuse, which also appears to be prominent on social media.
Date of Conference: 06-08 November 2023
Date Added to IEEE Xplore: 27 March 2024
Conference Location: Edinburgh, United Kingdom
