Data thefts on social networks have seen a significant increase, reaching 31.8%

Email addresses and passwords are the most vulnerable data, with corporate accounts seeing a +27.8% increase in breaches

On the dark web, credit card numbers are almost always accompanied by the Card Verification Value and expiry date (98.6% of cases).

The pandemic has provided more opportunities for hackers to carry out their criminal activities, along with a more intense use of the web by a wider range of users.

Compared to the first half of 2020, there was a 56.7% increase in the number of Italian users who received a warning of a cyber-attack on their personal data in the second half of the year. In particular, the figure refers to alerts relating to information found on the dark web (a set of web environments that do not appear through normal Internet browsing activities and require specific browsers or targeted searches), almost twice the number of alerts as found on the public web.

Accounts linked to entertainment sites (especially online games and streaming) are still the most exposed to personal data theft (51.5% of total cases), even though the proportion fell by 29.6% compared to the first half of the year.

On the other hand, social networks experienced a significant increase in risk, jumping from 1.6% to 31.8%.

Most commonly detected accounts

% 2nd half 2020



Social media




Forums and websites


Source: CRIF Cyber Observatory

These are some of the findings of the CRIF Cyber Observatory, which looks at the vulnerability of individuals and companies to cyber-attacks and interprets the main trends concerning data exposed in Open Web and Dark Web environments, the type of information, the areas in which data traffic is concentrated, and the most exposed countries, as well as offering some ideas on dealing with cyber risk in a more informed way.

"The data from the Cyber Observatory makes us aware of the level of vulnerability of the data of individuals and businesses. The use of digital technology has accelerated, largely as a result of the pandemic, and has become part of the purchasing and service use habits of many people. At the same time, a number of companies have started offering their products and services via e-commerce and consequently have had to set up a website and manage online orders. Like all new things, however, we must not underestimate the collateral risks, which are totally new to many people", explained Beatrice Rubini, Executive Director of CRIF.



The countries most affected by email and password theft include the USA, Russia, France and Germany, followed by the UK and Italy, which is ranked sixth overall. Poland, the Czech Republic, Japan and Brazil complete the top 10.

Another area of investigation in the Cyber Observatory is the ranking of the continents most subject to illicit credit card data exchange. This ranking is led by North America, followed by Europe and Asia, but with a considerable gap from the top. At the bottom of the list are Africa and Oceania. Among the individual countries most affected, the United States is at the top, followed by France and Brazil, completing the top three, while Italy is in eleventh position.

"Undoubtedly there are behaviors that can effectively mitigate the risks. For example, as consumers, one issue is how we set up and manage passwords linked to different accounts and how carefully we respond to emails, messages, or phone calls. On the other hand, for companies that have a website or an e-commerce site, it is important to have protection systems in place, but also to promptly intercept potential vulnerabilities arising from outdated service configurations or software", adds Rubini.



In addition, according to the Observatory, in the second half of 2020, the personal data predominantly circulating on the dark web, and therefore the most vulnerable, included passwords, personal or corporate email addresses, usernames, and phone numbers. These valuable contact details could be used to try to commit fraud, such as through phishing or smishing. However, there are also exchanges of financially relevant data, such as credit card details and IBANs. 

It is even more interesting to observe the main combinations of data intercepted on the web. Email addresses are almost always associated with a password (96.3% of cases), while the number of cases in which phone numbers appear together with passwords dropped significantly (-52%).

While those found on the dark web are mostly personal email accounts, there was some acceleration in the number of breaches on business accounts, which in the space of six months saw an increase of +27.8%.

With regard to credit card information, in addition to the card number, the Card Verification Value and expiry date are almost always present (98.6% of cases), and in 20.8% of cases, the first and last names of the card holder are also found. 

Main data combinations

% 2nd half 2020

Email + Password


Phone number + password


Full credit card (with cvv number and expiry date)


Username + Password


Full credit card + First and Last Name


Phone number + First and Last Name


Source: CRIF Cyber Observatory



According to an analysis of passwords found on the dark web, the top 10 most used passwords in the second half of 2020 were "123456", followed by "123456789", and "qwerty".

These are very simple combinations of numbers and letters that are easily intercepted by hackers. On the other hand, the use of these very basic passwords reveals the inexperience or laziness of some web users, who often do not follow the most basic rules to protect themselves from intrusions, such as choosing long and different passwords for each important account, with combinations of letters, numbers and symbols that have no connection with personal information.

It is also important for users to activate two-factor authentication, where possible, to prevent hackers from entering accounts even after discovering the username and password, as well as to pay close attention when using public WiFi networks, where even the most secure password could be intercepted, and to the risks associated with storing credentials on public or shared computers.


Related news

CRIF Cyber Observatory  - 2021 Yearly Report
CRIF Cyber Observatory - 2021 Yearly Report

CRIF Cyber Observatory analyzes the vulnerability of people and companies to cyber-attacks both on open web and dark web. It In 2021 nearly 2 million of alerts were sent through CRIF services, with an increase by 48,7% vs 2020. Alerts were related to data both found on the open web and on the dark web, with an increase of the latter by 57,9%.

Read more
No stop to the theft of personal data on the web during the pandemic: in the first half of 2020, cases increased by 26.6% compared to 2019.

The users most at risk are men between the ages of 31 and 40. 73.2% of stolen accounts are linked to entertainment sites (online gaming and streaming), followed by financial services. Italy ranks 6th overall among the most affected countries.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!