Dark Web Investigation Finds 15 Billion Credentials Being Put On Sale

An investigation looking into the dark web has revealed at least 15 billion credentials being sold to cybercriminals, which consist of personal information of individuals.

Worldwide data breach

The research Digital Shadows conducted was named "From Exposure to Takeover" and discovered an average of two credentials for every person in the world that is available for purchase.

According to Tech Radar, since 2018, the number of stolen information that was put on sale on the dark web has risen by 300%, consisting of more than 100,000 different data breaches.

Out of the 15 billion credentials, at least 5 billion were considered unique as they have only been advertised once on forums used by cybercriminals. The research also showed that most of the compromised details were from consumers ranging from bank account usernames and passwords to video and music streaming services.

With the massive amount of available credentials for purchase, the average price falls at $15.43, with bank and financial details being placed at higher prices with an average of $70.91. However, depending on the quality of the account, the sale could have a price tag of more than $500.

In the last 18 months, Digital Shadows has cautioned clients of more than 27 million username and password combinations that are susceptible to hacks. Despite the continuous warnings, it has become far more accessible and cheaper for cybercriminals to access hacked accounts.

The rapid rise of available purchases on the dark web in recent years has led to the decline of prices and ease of finding an account to purchase, as reported by Forbes.

Coincidentally, tools used for hacking and breaching accounts are being sold on the dark web for as little as $4 ranging from brute-force password crackers to account checkers.

Also Read: Common Customer Experience Mistakes You Should Avoid

Cybercriminal brotherhood

Cybercriminals had formed a community where when one shares breached credential databases, others quickly unscramble the passwords and convert them into plaintext format. The brotherhood continues as some individuals on the dark web then share the content for free.

According to Independent, the Chief Information Security Officer (CISO) of Digital Shadows Rick Holland said the massive number of breached accounts was shocking.

The official also revealed that some of the hacked accounts contained highly sensitive information or at least gave them access. Holland noted the breaches conducted by cybercriminals could be used for future hacks elsewhere.

It was also seen that the majority of compromised accounts were those whose usernames included the word "invoice" or "invoices," which gave access to accounts within organizations.

Digital Shadow revealed it could not check the authenticity of the accounts put up for sale without purchasing them. Experts noted the sales included accounts from large firms, corporations, and government organizations located in different countries around the world.

Security experts have urged the public to strengthen their online accounts by using individual credentials for every online service or account they use and to utilize security services such as two-factor authentication where applicable to increase their cybersecurity.

Online tools such as HaveIBennPwned could also be used to determine whether an account's email address has become a victim of cybersecurity breaches.

Tags
Breach, Accounts, Online
Real Time Analytics