Bologna (Italy), November 12, 2020

No stop to the theft of personal data on the web during the pandemic: in the first half of 2020, cases increased by 26.6% compared to 2019

The users most at risk are men between the ages of 31 and 40. 
73.2% of stolen accounts are linked to entertainment sites (online gaming and streaming), followed by financial services. 

The pandemic has not stopped the criminal activities of hackers. On the contrary, they have probably found more opportunities due to the more intense use of the web by a wider audience of users during lockdown. Compared to the first half of 2019, the first six months of 2020 saw a 26.6% increase in the number of users who received notification of a cyber-attack on their sensitive information. More specifically, twice as many alerts were sent regarding data theft on the dark web - i.e. a set of web environments that do not appear through normal Internet browsing activities and require specific browsers or targeted searches - as those relating to the public web.

These are some of the key findings that emerged from the Cyber Observatory carried out by CRIF, which is aimed at analyzing the vulnerability of individuals and companies to cyber-attacks and interpreting the main trends concerning data exchanged in Open Web and Dark Web environments. The study also looks at the type of information, the environments in which data traffic is concentrated, and the most exposed countries, as well as offering some suggestions on how to deal with cyber risk.


Analyzing the characteristics of Italian users notified of a possible theft of personal data during the first half of the year, the study shows that the most affected age groups are 31 to 40 and 41 to 50, with 35.7% and 33.5% of users alerted, respectively, followed by 51 to 60, with a share of 30.2%.

In terms of gender, the majority of users who received an alert were men, while women account for just over a third of the users alerted.


According to the Observatory, in the first half of 2020, the types of personal data that mainly circulate on the dark web, and are therefore the most vulnerable, are personal or company email addresses, passwords, usernames and phone numbers: these valuable contact details could be used to carry out scams, for example through phishing or smishing. However, there is also a significant exchange of data with financial significance, such as credit cards and IBANs.

It is even more interesting to observe the main combinations of data intercepted on the web: emails are almost always associated with a password (99.6% of cases), just as passwords appear very often together with phone numbers and usernames (99.2% and 89.8%, respectively). With regard to credit card data, very often, in addition to the card number, the CVV number and expiry date are also found (in 91.4% of cases), but in 11.3% of cases the first and last name of the holder are also present.

Main data combinations (% 1st half 2020)

Email + Password: 99.6%
Phone number + Password: 99.2%
Full credit card (with CVV number and expiry date): 91.4%
Username + Password: 89.8%
Full credit card + First and Last Name: 11.3%

Source: CRIF Cyber Observatory

The Cyber Observatory also shows that more than 4 out of 5 email accounts on the dark web refer to personal email accounts, while 18% refer to business accounts.


The study then analyzed the passwords detected on the dark web as an indicator of the vulnerability of the accounts they are associated with. The top 10 most used passwords in the first half of 2020 are led by "123456", followed by "123456789" and "qwerty".

These are very simple combinations of numbers and letters, easily intercepted by hackers. On the other hand, the use of these very basic passwords reveals the lack of expertise of some web users, who often do not follow the most basic rules to protect themselves against intrusion, such as choosing long and different passwords for each important account, with combinations of letters, numbers and symbols unrelated to personal information.

It is also important for users to activate two-factor authentication, where possible, to prevent hackers from entering accounts even if they have discovered the username and password. It is also advisable to pay particular attention when using public WiFi networks, where even the most secure password could be intercepted, and not to store credentials on public or shared computers.


Most of the accounts stolen in the first half of 2020 (73.2%, to be precise) relate to entertainment sites, especially online gaming and streaming. In second place are accounts relating to financial services portals (in particular banking, cryptocurrency exchange platforms or payment services), with a share of 18.7% of the total. This latter type is particularly dangerous because it could result in significant financial losses for the victims of theft, as in the case of e-commerce accounts, where 6.5% of thefts occur.

Last but not least, from a more personal point of view, as it is now part of daily life for many people, 1.6% of the thefts detected relate to social media accounts.

Most commonly detected accounts (% 1st half 2020)

Entertainment (online gaming and streaming): 73.2%
Financial services: 18.7%
E-commerce: 6.5%
Social media: 1.6%

Source: CRIF Cyber Observatory


Looking at the ranking of countries most affected by the phenomenon of online email and password theft, the USA, Russia, Germany and France are at the top, followed by the UK and Italy, which stands at sixth place overall. Poland, the Czech Republic, Canada and Japan complete the top 10 of the most affected countries.

TOP 10 1st half 2020 – email & password theft

1. .COM .NET global & USA
2. .RU Russia
3. .DE Germany
4. .FR France
5. .UK United Kingdom
6. .IT Italy
7. .PL Poland
8. .CZ Czech Republic
9. .CA Canada
10. .JP Japan

Source: CRIF Cyber Observatory

One of the final areas of investigation in the Cyber Observatory is the classification of continents according to the exchange of illicit credit card data. This ranking is led by North America, followed by Europe and Asia, but with a considerable gap between first and second place. At the bottom of the ranking are Africa and Oceania.

Among the individual countries most involved, the United States is at the top, followed by Brazil and the United Kingdom, completing the top three, while Italy is in ninth position.

TOP 10 1st half 2020 – credit cards

Source: CRIF Cyber Observatory



Once credentials have been stolen, they can then be used for a variety of fraudulent purposes, such as hacking into victims' accounts, misusing services, sending emails with money requests or phishing links, and sending malware or ransomware in order to extort or steal money.

"The data from the Cyber Observatory helps us understand and reflect on the risks involved in the circulation of our data online. Given the inevitable shift of part of our lives and purchases from the physical world to the online world, it is increasingly essential that we protect ourselves adequately to prevent someone from "stealing" our data and committing fraud, with potential financial and reputational repercussions for us. This is true on a personal level, but it also affects companies.

What can we do to protect our personal data? Managing our passwords properly and being careful about the exposure and communication of our data is good practice. What’s more, there are tools that now allow us to protect our devices and monitor our data," commented Beatrice Rubini, Executive Director of CRIF.