Over 15 Billion Stolen Username & Passwords for Sale On the Dark Web

Recently, the cybersecurity experts of Digital Shadows detected usernames, passwords, and other different login data from online bank accounts, and also from the music & video streaming services. 

According to the security reports, the security experts have discovered nearly 15 billion stolen usernames and passwords, and they are available on the Dark web forum for sale.

15 Billion username and passwords were compromised

Along with the 15 billion credentials, recently, the team of digital shadows Photon research has reported that they have also found 100,000 separate data breaches from “Exposure to Takeover” for over two years. 

And they have generated a 300 percent increment in stolen credentials since 2018, conveying a real bonanza of account details on dark-web hacker forums up for sale.

But, apart from this, there is an element of financial dealing of stolen login credentials to promote the criminal account to take over the market. Therefore the Digital Shadows experts discovered that many account details were given away free of cost. 

Here the average cost for the commercially sold logins was $15.43, but the price may vary if there are more valuable credentials like the current bank account logins, they are enjoined as premium.

Tools and Methods Used by The Hackers

The Digital Shadows Photon Research team has been analyzing these events from the last 18 months. They are focusing on how the cybercriminals plan to prey against users of online services by “taking over” their accounts, which they all use them on day to day basis, for banks, to stream videos or music, for work, and many more things. 

Here the hackers gain access to different credentials by using several methods and tools like:-

  • Burp Suite Professional application
  • Hydra
  • Phishing
  • WarBot botnets
  • Credential-stealing malware
  • Zeus
  • Sentry MBA account cracker
  • Credit-card skimmers

The security experts have also mentioned that these methods are not easier for hackers to boost sensitive data from user accounts. In this research, the experts have concluded that the hackers have mostly attacked 10 popular sectors and here they are:-

Data involved

Apart from this, the data that are compromised by the hackers in these operations are mentioned below:-

  • Passwords that have a similar name like “invoice” and “invoices.” 
  • Username of the users.
  • Information regarding the current and savings bank account. 
  • Data from music and video streaming services to target big companies and businesses.

While verifying the legality of the data that the vendors indicate to own outwardly buying, it will be inadequate. The experts asserted that the listings included those for large companies and government organizations in multiple countries.

That’s why the firm’s experts declared that they had encountered dozens of adverts for domain admin access, and in various cases, these were being sold between $500 and $120,000, with an average selling price of $3139. 

The Digital Shadows Photon Research team has reported that cybercriminals are frequently shifting their consideration to methods that evade two-factor authentication. 

Therefore, the team has recommended to all the internet users to utilize individual passwords for each online service that they use with two-factor authentication enabled if possible.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

Massive Data Leak Exposes US Energy Sector To Cyber Attack – 70,000 Private Files Leaked

42 Million Iranian “Telegram” User IDs and Phone Numbers Leaked Online by Hacker Group

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.