New Barracuda Study Reveals 33% of Hijacked Email Accounts Stay Compromised for Over a Week
Why this matters: Attackers are now patient. More than a third of stolen accounts remain under attacker control for over a week and continue to be used, making every compromised inbox a ticking time bomb.
Key Findings from the Report
- Long‑term occupation. Over 33% of the 159 stolen accounts we examined were still in the hands of attackers after a week, giving cybercriminals ample time to extract value.
- Economic underground. Researchers, in partnership with UC Berkeley, tracked a sophisticated marketplace for email account takeovers, in which usernames and passwords are bought and sold for profit.
- Credential reuse. Almost 20% of compromised accounts also appear in public password leaks, meaning employees are reusing the same login across job and personal sites.
- Two‑tier profiteering. 31% of accounts see a first wave of attackers who strip credentials and then sell them to a second group that focuses on real‑world monetization.
- Email‑centric attacks. A staggering 78% of attackers only target the mailbox, leaving other cloud services untouched—perhaps because they’re unaware of the data hidden inside or the organizations have limited non‑email access.
What This Means for Your Business
Cybercriminals are evolving: they are quiet, patient, and perfectly prepared to keep spying on your inbox until they can squeeze every ounce of value from it or sell the credentials at a premium. Knowing this can steer your security strategy.
“Understanding how attackers behave lets us slap on the right protection and act fast when a breach happens,” says Don MacLennan, SVP Engineering for Email Protection at Barracuda.
Takeaway Checklist
- Audit how often employees reuse passwords.
- Run regular look‑ups for compromised credentials.
- Bolster email defenses: multi-factor authentication, anomaly detection, and monitoring of mailbox activity.
- Deploy education programs that highlight the risks of leaving an inbox open.
Stay proactive, keep your inbox locked, and remember: a compromised email isn’t just a leak—it’s a goldmine for a highly organized, patient cybercriminal community.