Every person on the planet has at least two compromised accounts, whose credentials are being sold on the dark web, right now.
This is according to a new report from risk prevention specialists Digital Shadows, which notes that 15 billion credentials are sold online at the moment, a result of more than 100,000 different data breaches.
Obviously, not every person on the planet has two accounts (or access to the internet, to begin with), so obviously, millions of people have had multiple accounts compromised. Out of those 15 billion, five billion were unique – meaning they weren't being sold or advertised before, or anywhere else.
Most of these credentials are for consumer services and not enterprise, but these were also cheaper. Those credentials that could give access to corporate systems (most often those with keywords such as 'invoice', 'payments' or 'partners') tend to go for higher prices.
An average account costs around $15, with bank accounts going for roughly $70.
Domain admin access sells for around $3,100 (the cheapest ones go for $500, and the most expensive ones for as much as $120,000).
Digital Shadows also reported of account takeover-as-a-service, where criminals don't buy credentials from other criminals, but rather rent them out for a while, as these come with cookies, IP addresses or timezones, allowing criminals an easier way to take over accounts or conduct financial transactions without being spotted.