October 30, 2025
In a major new report, Proton—the Swiss company behind the secure email service—has discovered 300 million stolen usernames and passwords being sold on dark web marketplaces. Nearly half of them include actual passwords, not just email addresses.
The findings come from Proton’s new Data Breach Observatory, which monitors criminal forums in real time to track stolen data before companies even know they’ve been hacked.
Small Businesses Are on the Front Lines
Of the 794 data breaches recorded in 2025 so far, 71% happened to small and medium-sized businesses—especially those with fewer than 250 employees.
- Companies with 10–49 people made up 48% of all breaches
- Those with fewer than 10 employees accounted for another 23%
Why? Because they often lack strong cybersecurity—but still hold valuable customer data.
The retail and wholesale sectors were hit the most (25% of breaches), followed by tech companies (15%).
The Cost Can Be Devastating
For a small business, a data breach isn’t just embarrassing—it can be life-ending:
- Average cost: $120,000 to $1.24 million
- In worst cases: up to $3.31 million
- And 60% of small businesses that suffer a cyberattack go out of business within months
“Over 100 million stolen records are already on the dark web this year,” said Eamonn Maguire, Proton’s engineering director. “This is becoming the new normal.”
Why So Many Passwords Get Stolen
A huge part of the problem? Password reuse.
- 94% of people use the same password on multiple sites
- If one account gets hacked, criminals try that same login everywhere
- Shockingly, 72% of Gen Z users admit to reusing passwords—compared to just 42% of Baby Boomers
Once hackers get one set of credentials, they can often access email, bank accounts, work tools, and more.
How Proton Is Fighting Back
Unlike most breach alerts—which come after a company reports a hack—Proton’s system scans criminal forums directly, often spotting stolen data before the victim knows.
It works with cybersecurity firm Constella Intelligence to give early warnings to affected organizations, helping them change passwords and lock accounts faster.
What You Can Do
Whether you run a business or just have an email account:
- Use a different password for every site
- Turn on two-factor authentication (2FA)
- Use a password manager (like Proton Pass, Bitwarden, or 1Password)
Because in 2025, your password isn’t just a key—it’s a target.
And with 300 million stolen logins already circulating, now is the time to lock things down.