Are your passwords for sale on the dark web?
By Leah Giesbrecht  

Over 24 billion usernames and passwords – by some estimates, that’s the amount of sensitive personal data for sale in cybercriminal marketplaces like the dark web. Does that include your passwords? To discuss common ways your information can end up on the dark web, and how you can prevent this from happening in the first place, we chatted with Anthony Green, CPABC's manager of security operations and compliance. 

How prevalent is this issue is in Canada and North America?
Passwords for sale on the dark web is a global issue. North America is definitely a target because we were early adopters of this technology and use the internet so frequently, so many users have a large digital footprint. We are also home to some of the largest internet companies. It's not that North Americans are more susceptible to the issue, it's because North Americans have been online for so long and use the internet so often.

How do passwords usually end up for sale on the dark web?
One of the most common routes is when an organization has poor cybersecurity and they get breached. All of that organization’s usernames and passwords can then be stolen and posted on the dark web. Another common route is when bad actors attack you directly – for example, infostealer malwares can be installed on your personal computer when you click on an untrustworthy website.  If you have numerous passwords and usernames stored in your web browser password managers like Google Chrome or Edge, the malware can take that information because it’s not encrypted, it’s stored in plain text.

Once attackers have one of your usernames and passwords, they will try to log into different accounts because many people use the same password across multiple accounts. From there, your information can end up on the dark web, where anybody who pays a few cents or dollars can access it. Whoever buys it can simply log in to your account. 

For anyone who’s been on the internet, at least one of their accounts has likely been breached. This isn’t a big problem unless it’s a sensitive account. For example, my Starbucks rewards program isn’t connected to my credit card, so if that gets breached, someone will know how many coffees I bought. Compare that to if my email account were breached – attackers could change all of my passwords, or if they breached my bank account, they could steal my money. 

How can businesses evaluate if their information is at risk?
Business owners need to ask, “If a non-user (someone who isn’t an employee, client, or member) logs in to our system as a user, what could they do?”  If the answer is, "They can just change some account settings," maybe you don't need to take action. But if the answer is, “They could do a lot,” the business needs to implement multi-factor authentication for their users. An attacker won’t be able to get into your account by purchasing your username and password from the dark web if you have multi-factor authentication set up. It’s about reducing risk, because any system or device is a potential target.

What’s your guidance specifically for CPAs and their clients? 
Many CPAs and their clients have their own portals that they log in to. For example, a CPA might work with 15 different clients and each might have a portal they need to log in to when submitting information, which means they might have 15 different accounts. The worst thing a CPA could do is use the same password for all those accounts. If somebody's targeting that CPA, knows the clients, and knows just one password, now they have access to all 15 of those clients. However, this is a very solved problem – the client can enable multifactor authentication. On the CPA side, they can use an official password manager like 1Password ( a Canadian company) or Bitwarden to securely save the passwords.

What other best practices can we use to protect our passwords? 
 Along with using multi-factor authentication, a password manager, and unique passwords for all your accounts, a good tip is that length beats complexity. A fifteen-character password made of three or four random words put together and a number or special character is significantly stronger than ten random characters. Checking for these factors is a good password security test. 

What red flags indicate that your passwords are at risk?
Red flags include receiving emails from a site saying that you have changed your settings, permissions, or other configurations. Another area to keep an eye on is activity logs. With most email providers like Gmail and Outlook, you can see who has signed in and their location. Check your activity logs for your sensitive accounts and make sure only people you know and trust have signed in and that nobody has signed in from a strange location.
If you’re seeing these red flags or you get hacked, change your password and make sure it’s unique and long. Next, consider using multi-factor authentication and a password manager. If you have information that is sensitive, add more layers of security to it to protect it. Hopefully by taking some of these suggestions to heart, your information will be safe and we'll be seeing fewer passwords on the dark web.

Originally published in CPABC’s Newsroom
 
Disclaimer: CPANL does not endorse any of the services or products mentioned in this article. It is the reader’s responsibility to research and review the services and products independently.


Latest News

  

CPAs can harness relationships to protect mental health

Posted on 4/30/2026
How CPAs are coping—and what comes next.
  

Budget Release 2026

Posted on 4/30/2026
The Newfoundland and Labrador Government released it's latest budget for the upcoming year. Please click here for the CPA Newfoundland and Labrador commentary.
  

You're Invited! Convocation Dinner, Awards Ceremony, and Dance!

Posted on 3/18/2026
Join us for a memorable evening as we celebrate this year’s graduates at the St. John’s Convention Centre on Saturday, May 30, 2026.
  

Anti-Money Laundering: CPAs Can Help to Disrupt Financial Crimes

Posted on 12/17/2025
Criminals and terrorists are getting increasingly sophisticated about exploiting anti-money laundering vulnerabilities around the world.
  

Congratulations to our Successful 2025 September CFE Writers!

Posted on 11/28/2025
CPA Newfoundland and Labrador is pleased to congratulate the 31 CPA candidates in this province who have successfully completed the September 2025 Common Final Examination (CFE).
  

CPAs: Multiplying Kindness - The Happy Tree

Posted on 11/27/2025
In the spirit of giving back to the community, CPA NL has launched our 8th annual Multiplying Kindness Campaign.
  

Call for Nominations - FCPA & ELA 2025

Posted on 10/16/2025
CPA Newfoundland & Labrador’s Member Recognition Committee is pleased to announce the call for nominations for both the Fellowship (FCPA) award as well as the Emerging Leader Award (ELA). Deadline for nominations is December 4, 2025.
  

Annual General Meeting 2025

Posted on 9/10/2025
Virtual Meeting 12:00 PM NDT, September 24th, 2025
  

Congratulations to our Successful 2025 May CFE Writers!

Posted on 8/8/2025
CPA Newfoundland and Labrador is pleased to congratulate the 11 CPA candidates in this province who have successfully completed the May 2025 Common Final Examination (CFE).
  

Are your passwords for sale on the dark web?

Posted on 7/23/2025
Over 24 billion usernames and passwords – by some estimates, that’s the amount of sensitive personal data for sale in cybercriminal marketplaces like the dark web. Does that include your passwords?
  

Managing the now while shaping the next: Balancing operational tasks and strategic initiatives

Posted on 7/23/2025
The operational demands of any organization are at least a full-time workload. Given that, it’s a challenge to find time to develop and advance strategic initiatives.
  

We are looking for Practice Inspectors!

Posted on 6/19/2025
The success of the Office Practice Inspection Program relies upon the commitment and expertise of our inspectors!
  

Call for Board Nominations 2025-26

Posted on 6/17/2025
CPA Newfoundland & Labrador is now accepting nominations for four Board positions. Deadline for nominations is September 3, 2025.
  

Next Generation 2025

Posted on 6/16/2025
Congratulations to our newest graduates!
  

2025 Government Relations Committee Budget Consultation

Posted on 2/4/2025
On January 15, 2025 members of the CPA Newfoundland and Labrador (“CPANL”) Government Relations Committee engaged in a meeting with The Honourable Siobhan Coady, Minister of Finance, Government of Newfoundland and Labrador, and her support team.
  

10 Years

Posted on 1/9/2025
January 9th, 2025 marks a significant milestone—the 10th anniversary of CPA Newfoundland and Labrador, and a decade of being a unified profession.
  

Congratulations to our Successful 2024 September CFE Writers!

Posted on 12/6/2024
CPA Newfoundland and Labrador is pleased to congratulate the 30 CPA candidates in this province who have successfully completed the September 2024 Common Final Examination (CFE).
  

Updates from CPA Canada

Posted on 9/5/2024
Updates from CPA Canada
  

Annual General Meeting 2024

Posted on 8/21/2024
Virtual Meeting 12:00 PM NDT, September 18th, 2024
  

Congratulations to our Successful 2024 May CFE Writers!

Posted on 8/16/2024
CPA Newfoundland and Labrador is pleased to congratulate the 13 CPA candidates in this province who have successfully completed the May 2024 Common Final Examination (CFE).
  

Call for Board Nominations 2024-25

Posted on 6/18/2024
CPA Newfoundland & Labrador is now accepting nominations for four Board positions. Deadline for nominations is August 27, 2024.
  

Next Generation 2024

Posted on 6/17/2024
Congratulations to our newest graduates!
  

Government Relations Committee Budget Consultation

Posted on 3/18/2024
On January 12, 2024 members of the CPA Newfoundland and Labrador (“CPANL”) Government Relations Committee engaged in a meeting with The Honourable Sibohan Coady, Minister of Finance, Province of Newfoundland and Labrador, and her support team.
  

Congratulations to our Successful 2023 September CFE Writers!

Posted on 12/1/2023
CPA Newfoundland and Labrador is pleased to congratulate the 25 CPA candidates in this province who have successfully completed the September 2023 Common Final Examination (CFE).
  

CRA responds to questions from CPAs across Canada – 2023

Posted on 11/28/2023
During 2023, CPAs across the country were canvassed to pose the top questions they have for the CRA.
  

Call for Nominations - FCPA & ELA 2023

Posted on 10/17/2023
CPA Newfoundland & Labrador’s Member Recognition Committee is pleased to announce the call for nominations for both the Fellowship (FCPA) award as well as the Emerging Leader Award (ELA). Deadline for nominations is December 14, 2023.
  

Notice - Annual General Meeting 2023

Posted on 9/7/2023
Virtual Meeting 12:00 PM NDT, September 21st, 2023
  

Congratulations to our Successful 2023 May CFE Writers!

Posted on 8/18/2023
CPA Newfoundland and Labrador is pleased to congratulate the 16 CPA candidates in this province who have successfully completed the May 2023 Common Final Examination (CFE).
  

CPAEFNL Inc. Cornhole Tournament 2023

Posted on 7/18/2023
You're invited to attend the first CPAEFNL Inc. Cornhole Tournament to take place on September 29, 2023.
  

Call for Board Nominations 2023-24

Posted on 6/20/2023
CPA Newfoundland & Labrador is now accepting nominations for four Board positions. Deadline for nominations is August 29, 2022.