In the shady corners of the Internet lurks a practice called “credential harvesting.” In today’s digital world, where online activities and transactions are more common than ever, this phenomenon is a growing threat. But what exactly is credential harvesting and why is it so crucial to be aware of it?

What is Credential Harvesting?

Credential harvesting is the unlawful collection of login information from unsuspecting users. The goal? To gain access to personal, financial or corporate information. Attackers often pursue data such as passwords, usernames and other identifying information. In the wrong hands, this data can have devastating consequences, ranging from financial fraud to identity theft.

How does credential harvesting work?

There are numerous techniques cybercriminals use to attempt to obtain credentials. The most common ones are listed below:


One of the most common and recognizable techniques is the phishing attack. In phishing, an attacker becomes a digital angler, casting bait in the form of a misleading email to his victim. These emails are often disguised as legitimate messages from trusted sources, such as banks, social networking sites or even colleagues and family members. They may contain alarming or urgent messages, such as a report of suspicious activity on a bank account. Often, the recipient is directed to a fake login page that appears almost identical to the real website. When the victim enters his or her login credentials, they are immediately captured by the attacker.

Fake login pages

As just briefly touched upon, fake login pages are a major problem. These are Web sites designed to look and function exactly like legitimate sites. It could be a fake version of a popular e-mail service, a social network or an online store. Once an unsuspecting user lands on such a page (often through a link in a phishing email) and enters their credentials, those credentials are sent directly to the attackers.


Keyloggers pose a more immediate threat. These are software programs or sometimes even hardware devices that run silently in the background of a computer or mobile device, recording every keystroke a user makes. This means that even if a user is not tricked by a counterfeit website, anything typed on the device – from emails to passwords – can be captured and sent to the cybercriminal. Installing such malware can be done through a malicious email attachment, an infected software download or even through physical access to the target device.

Unsecured databases

Finally, there are unsecured databases. Every day we trust companies and services to keep our personal and financial information secure. Unfortunately, not all databases are equally secure. Cybercriminals use various techniques, such as SQL injection, to penetrate these databases and steal large amounts of login credentials all at once. When such an attack is successful, the damage can be enormous, as the data of thousands or even millions of users can be exposed at once.

The consequences of credential harvesting

The consequences of credential harvesting can be far-reaching. We can distinguish between the data of individuals and that of companies.


For individuals, the leakage of credentials can lead to a series of personal nightmares. Imagine a cybercriminal gaining access to your e-mail account. This access could be used to collect personal information, such as your address, date of birth or even financial data. In addition, emails can be used to trick friends and family, leading to a snowball effect of compromised accounts. In addition, the loss of login credentials to financial services, such as your bank account, can lead to unlawful financial transactions, where your savings can disappear in an instant. Recovering a compromised account can be stressful, time-consuming and in some cases costly.


At the corporate level, the implications are even more alarming. When employee information is obtained, it can lead to significant data breaches. Trade secrets, customer databases and other sensitive information can be sold on the black market or used for competitive advantage. A data breach can lead not only to financial loss, but also serious reputational damage. Customers trust companies to keep their data secure, and when this trust is violated, it can lead to loss of customers and legal actions.

There is also the human factor. Employees who become the victims become victims of credential harvesting may feel guilty, embarrassed or anxious, which can impact their well-being and productivity.

At a time when our digital footprint continues to grow, it is more important than ever to understand the consequences of credential harvesting. understanding. It’s not just a technical issue; it goes to the heart of our privacy, security and the trust we place in the digital platforms we use every day. Combating this threat requires awareness, education and proactive measures to protect our
digital lives.

Credential Harvesting in Practice

The threat of credential harvesting is not a theoretical risk. Over the years, several large organizations and their customers have suffered from it. The following three examples are illustrative of the scope and severity of such attacks.

  • Yahoo: In 2013 and 2014, Yahoo was hit by what is considered the largest data breach in history. More than 3 billion accounts were compromised. Cybercriminals had access to names, email addresses, phone numbers, dates of birth and, in some cases, even secure Q&A. It took years before the full extent of the breach was revealed, causing significant reputational damage to the company.
  • LinkedIn: In 2012, LinkedIn was hit by a data breach. News sources reported that passwords of LinkedIn users had been leaked. Initially, the damage was thought to be limited to 6.5 million accounts. However, in 2016 came the shocking revelation that more than 117 million accounts had been compromised. The leaked passwords were even offered for sale on the dark web, further underscoring the seriousness of the situation.
  • Adobe: Adobe, known for its suite of software products, was hit by a major breach in 2013. Cybercriminals gained access to the usernames, emails and encrypted passwords of more than 153 million accounts. In addition to login credentials, customer data and source codes for multiple Adobe products were also compromised.

Protecting yourself and your company

Fortunately, there are several measures individuals and organizations can take to protect themselves.

Change passwords regularly.

The first and most basic piece of advice is to change passwords regularly. Choose complex passwords that contain a combination of letters, numbers and special characters. Using a password manager can help create and store strong passwords without having to remember them all.


Two-factor authentication (2FA) provides an additional layer of security. Even if an attacker obtains a password, accessing the account without the second factor, such as an SMS code or an authentication app, is not possible.


It is also essential to be careful with emails from unknown senders. Do not simply click on links or download attachments unless you are sure the source is trustworthy. Be aware of the potential risks of rogue links and attachments.

Training and education

Organizations can invest in advanced security systems and offer security awareness training to their employees.

Being proactive and following these protective steps can significantly reduce the risk of credential harvesting.