May, 2021

Upsurge in online personal data theft. Half of stolen accounts are linked to online entertainment, gaming, and streaming sites

The pandemic has provided more opportunities for hackers to carry out their criminal activities, along with a more intense use of the web by a wider range of users. Overall, the number of users who have who received a warning of a cyber-attack on their personal data continues to grow. 
Overall, accounts linked to entertainment sites (especially online games and streaming) are still the most exposed to personal data theft (51.5% of total cases). On the other hand, social networks have experienced a significant increase in risk.

Type of websites with accounts at risk of personal data exposure

% exposure of personal data in the 2nd half of 2020



Social media




Forums and other websites


Source: CRIF Cyber Observatory

These are some of the findings to come out of the CRIF Cyber Observatory relating to the 2nd half of 2020. The Observatory looks at the vulnerability of individuals and companies to cyber-attacks and interprets the main trends concerning data exposed in Open Web and Dark Web environments, the type of information, the areas in which data traffic is concentrated, and the most exposed countries, as well as offering some ideas and recommendations for dealing with cyber risk in a more informed way.

"The data from the Cyber Observatory makes us aware of the level of vulnerability of the data of individuals and businesses. The use of digital technology has accelerated, largely as a result of the pandemic, and has become part of the purchasing and service use habits of many people. At the same time, a number of companies have started offering their products and services via e-commerce and consequently have had to set up a website and manage online orders. Like all new things, however, we must not underestimate the collateral risks, which are totally new to many people", explained Beatrice Rubini, Executive Director of CRIF.

Most affected countries 

The Cyber Observatory has extended its analysis to an international level, identifying those countries most affected by online password and email theft. Going through the ranking, the most affected countries are the USA, Russia, France and Germany, followed by the UK and Italy. Poland, the Czech Republic, Japan and Brazil complete the top 10.

The continent most affected by illicit exchanges of credit card information is North America, followed by Europe and Asia, but with a considerable gap. At the bottom of the list are Africa and Oceania. Among the individual countries most affected, the United States is at the top, followed by France and Brazil, while Italy is in eleventh position.

Type of data circulating on the dark web 

The personal data predominantly circulating on the dark web, and therefore the most vulnerable, include passwords, personal or corporate email addresses, usernames, and phone numbers.
These valuable contact details could be used to try to commit fraud, such as through phishing or smishing. Added to these are data exchanges, such as credit cards or current account codes, used for financial fraud.
It is even more interesting to observe the main combinations of data intercepted on the web.
Email addresses are almost always associated with a password (96.3% of cases), while the number of cases in which phone numbers appear together with passwords dropped significantly (-52%). While those found on the dark web are mostly personal email accounts, there was some acceleration in the number of breaches on business accounts.
With regard to credit card information, in addition to the card number, the Card Verification Value and expiry date are almost always present (98.6% of cases), and in 20.8% of cases, the first and last names of the card holder are also found. 

The most commonly used passwords and what to do to make life difficult for hackers

According to the CRIF Cyber Observatory, the top 10 most used passwords on the dark web in the second half of 2020 were "123456" followed by "123456789" and "qwerty". These are very simple combinations of numbers and letters that are easily intercepted by hackers. On the other hand, the use of these very basic passwords reveals the naivety or laziness of some web users, who often do not follow the most basic rules to protect themselves from intrusions. The first rule to follow is to choose long and different passwords for each important account, with combinations of letters, numbers and symbols that have no connection with personal information, such as date of birth.

A further precautionary measure is, where possible, to activate two-factor authentication to prevent hackers from entering accounts even after discovering the username and password. Finally, it is recommended to pay close attention when using public WiFi networks, where even the most secure password could be intercepted, and to the risks associated with storing credentials on public or shared computers.