Skip to main content

Over 15 billion stolen credentials are for sale on the dark web now

(Image credit: Image Credit: Christiaan Colen / Flickr)

Every person on the planet has at least two compromised accounts, whose credentials are being sold on the dark web, right now. 

This is according to a new report from risk prevention specialists Digital Shadows, which notes that 15 billion credentials are sold online at the moment, a result of more than 100,000 different data breaches.

Obviously, not every person on the planet has two accounts (or access to the internet, to begin with), so obviously, millions of people have had multiple accounts compromised.  Out of those 15 billion, five billion were unique – meaning they weren't being sold or advertised before, or anywhere else.

Most of these credentials are for consumer services and not enterprise, but these were also cheaper. Those credentials that could give access to corporate systems (most often those with keywords such as 'invoice', 'payments' or 'partners') tend to go for higher prices.

An average account costs around $15, with bank accounts going for roughly $70.

Domain admin access sells for around $3,100 (the cheapest ones go for $500, and the most expensive ones for as much as $120,000).

Digital Shadows also reported of account takeover-as-a-service, where criminals don't buy credentials from other criminals, but rather rent them out for a while, as these come with cookies, IP addresses or timezones, allowing criminals an easier way to take over accounts or conduct financial transactions without being spotted.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.