The latest report published by the Digital Shadows team reveals the true extent of stolen account login credentials circulating on the dark web amongst criminals. The team spent nearly 18 months auditing criminal forums and marketplaces across the dark web and discovered that now over 15 billion stolen credentials from 100,000 breaches are available to cybercriminals. The number increased by 300% since the year 2018.
The report titled ‘From Exposure to Takeover’ warned that there is a treasure trove of account credentials available to cybercriminals. The stolen 15 billion logins include username and security password pairs for social media accounts, music streaming services, and even online banking. This number is equivalent to two sets of account login credentials for every person on the planet.
The report also discovered that there is some duplication across the availability of this data, however, over 5 billion account logins were found to be entirely unique as they had only been marketed once on the cybercrime markets and forums. Many account credentials were also given away for free.
The average cost of the commercially traded credentials was $15.43, more valuable data like active bank account logins commanded as premium. The average price of banking and other financial services account logins was calculated to be $70.91. The team also some of the banking accounts being sold for as much as $500 depending on the number of funds available in the account as well as the freshness of the theft.
Anti-virus and security solution accounts were the second most valuable ones with an average price of $21.67. When it comes to domain administrator account logins, they were usually sold by auction with an average price of $3,139, reaching a price of even $120,000.
It has never been easier for hackers to take over account logins, nor cheaper. The 300% rise in the availability of account logins over the past two years has driven prices downwards to an extent where free stolen logins are not hard to find. Unsurprisingly, tools required to account logins are available for as little as $4 on the dark web forums.
The researchers discovered that the vast majority of victims are consumers, and it is important that we start making efforts to protect our credentials. CISO as Digital Shows, Rick Holland warned that details exposed in one data breach may also be re-used to compromise account logins used somewhere else. You should use different passwords for each account, and using two-factor authentication and hardware-based authentication keys is also recommended.
Read next: 7 in 10 of companies hosting data in the public cloud experienced a security incident
The report titled ‘From Exposure to Takeover’ warned that there is a treasure trove of account credentials available to cybercriminals. The stolen 15 billion logins include username and security password pairs for social media accounts, music streaming services, and even online banking. This number is equivalent to two sets of account login credentials for every person on the planet.
The report also discovered that there is some duplication across the availability of this data, however, over 5 billion account logins were found to be entirely unique as they had only been marketed once on the cybercrime markets and forums. Many account credentials were also given away for free.
The average cost of the commercially traded credentials was $15.43, more valuable data like active bank account logins commanded as premium. The average price of banking and other financial services account logins was calculated to be $70.91. The team also some of the banking accounts being sold for as much as $500 depending on the number of funds available in the account as well as the freshness of the theft.
Anti-virus and security solution accounts were the second most valuable ones with an average price of $21.67. When it comes to domain administrator account logins, they were usually sold by auction with an average price of $3,139, reaching a price of even $120,000.
It has never been easier for hackers to take over account logins, nor cheaper. The 300% rise in the availability of account logins over the past two years has driven prices downwards to an extent where free stolen logins are not hard to find. Unsurprisingly, tools required to account logins are available for as little as $4 on the dark web forums.
The researchers discovered that the vast majority of victims are consumers, and it is important that we start making efforts to protect our credentials. CISO as Digital Shows, Rick Holland warned that details exposed in one data breach may also be re-used to compromise account logins used somewhere else. You should use different passwords for each account, and using two-factor authentication and hardware-based authentication keys is also recommended.
Read next: 7 in 10 of companies hosting data in the public cloud experienced a security incident
