JAKARTA - The year 2023 has arrived, but until now most of us still think passwords are just the most common method for countless online service authentication.

But, different cybercriminals. They consider passwords as shortcuts to other people's lives, very important work tools, and merchandise that can be sold.

Knowing passwords, cybercriminals can not only obtain accounts, data, money, and even personal identities, they can also use you as a weak chain to attack online friends, relatives, or even companies where you work or own.

There are several methods of cybercriminals that can steal your passwords, some of which are:

Phishing is one of the credentials that target human weaknesses. Hundreds of phishing sites, assisted by thousands of emails leading up to it, appear every day.

This method almost surrounds the age of the internet we use now, so cybercriminals have plenty of time to develop various social engineering tricks and cover tactics. Even professionals sometimes can't tell the phishing email from the original at a glance.

Another common way to steal your credentials is with malware. According to Kaspersky statistics, most of the active malware consists of Trojan thieves, whose main goal is to wait until users enter multiple sites or services, and copy their passwords and send them back to the creator.

If you don't use a security solution, the Trojans can hide in the computer undetected for years and you won't know that something is wrong, because it doesn't cause visible damage, simply by secretly doing its job.

You don't always make mistakes yourself. It could be that the data leak comes from the service provider or the company itself. Companies that take cybersecurity seriously don't store user passwords at all, or at least do it in encrypted form. But you can never be sure that there are definite and measurable steps to avoid that.

Modern cybercriminals prefer to specialize in certain fields. They may steal user passwords, but don't necessarily use them and think that it will be more profitable to sell them wholesale.

Buying such a password database is very interesting for cybercriminals, as it gives them all-in-one: users tend to use the same password on a number of platforms and accounts, often tie them all to the same email. Thus, by simply having passwords from one platform, cybercriminals can gain access to many other victim accounts.

The leaked company's database that may contain or not contain credentials is also sold on the same black market. The price of such a database varies depending on the amount of data and the organization's industry.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)