More than 15 billion stolen login credentials are being sold on the dark web, according to information obtained by cybersecurity company ESET. An average of $ 15 is requested for passwords on sale.
Criminal services offered on the dark web continue to amaze. More than 15 billion stolen account information is available for anyone to buy on cybercrime forums, according to information from cybersecurity agency ESET’s research from the US-based company Digital Shadows. 5 billion of these are thought to be unique, that is, for the first time on sale.
100 thousand data breaches
Usernames and passwords found in cybercrime markets, especially those in the dark web, come from 100,000 separate data breaches, including financial accounts, streaming services, and even access information for administrator accounts that provide access to key systems of organizations.
300% increase in the number of stolen credentials
Researchers spent a year and a half analyzing tactics used by fraudsters to exploit stolen account information and found that the amount of credentials stolen has increased by 300 per cent since 2018.
Passwords are $ 15 each
Most of the stolen login credentials belonging to consumers. An average of $ 15 is requested for the accounts put up for sale. However, depending on the type of access they provide, the price can rise or fall. The highest price is being charged for financial and banking accounts at $ 70 per account. The remaining accounts, which include online media accounts, social media, and other services, can be purchased for less than $ 10.
Consumers are just the tip of the iceberg; the perpetrators have their eyes on the bigger fish they want to catch. Accounts that can allow them to infiltrate an organization’s important systems are offered for sale by auction and can earn over $ 3,100. It is reported that the most valuable account found buyers for 120 thousand dollars.
How is all this information captured?
There is the option of attacking a company’s database and stealing its data, but of course, there are other ways. These include collecting this information using phishing campaigns and compromising the security of machines with malware such as keyloggers. It is also among the methods to buy login credentials from markets or to use the information provided free of charge in forums.
How will you protect yourself?
There are some steps you can take to reduce the risk of stealing your username and password. These;
- Do not use the same password on more than one service. You must use a strong and unique password for each of your online accounts. Even a password manager can be very useful here.
- Use multi-factor authentication, which is the easiest way to add an extra layer of security to your account.
- If a service you use is compromised, change your password on all services you use. Change these passwords as well by checking whether you are using a variation of this password on other services.
- Be wary of any phishing attempts. Don’t click on suspicious-looking links or attachments.
- Use a reputable security solution.