Hackers made hay of the sorry state of credential security in 2016 . They stole Attack.Databreach millions of username and password combinations from online services of all shapes and sizes . Blogs and discussion forums were hit particularly hard . Exploiting credentials is an old attack vector that still works wonders for hackers . In its 2016 Data Breach Investigations Report ( DBIR ) , Verizon added a section about credentials , revealing that 63 % of data breaches Attack.Databreach involved weak , default or stolen passwords . “ This statistic drives our recommendation that this is a bar worth raising , ” reads the report . Why is it so easy for cybercriminals to plunder Attack.Databreach login credentials ? End users , despite constant warnings , continue re-using passwords , allowing hackers to conveniently break into multiple accounts after stealing Attack.Databreach someone 's credentials once . It 's like having one key for your bike lock , front door , office building , car and bank box . Meanwhile , more software vendors should provide advanced hashing , salting and other scrambling technologies for protecting credential information in case it 's stolen Attack.Databreach . For example , attackers hacked Clash of Kings ' forum after exploiting a known vulnerability in an outdated version of the vBulletin software . The thieves stole Attack.Databreach personal information from 1.6 million user accounts , including scrambled passwords . In one case , an attacker used misplaced install files to gain admin privileges . In another case , hackers stole Attack.Databreach one moderator 's credentials and used the account to post a malicious message in the forum . After viewing the message , the forum 's administrator had his account compromised , leading to a massive breach . Notable vulnerabilities exploited Vulnerability-related.DiscoverVulnerability in recent years include CVE-2016-6483 , CVE-2016-6195 , CVE-2016-6635 , CVE-2015-1431 , CVE-2015-7808 , CVE-2014-9574 and CVE-2013-6129 .