Your personal details are almost certainly for sale on the Dark Web now
Account takeover has never been easier for cybercriminals
Over 15 billion stolen online details are for sale on the Dark Web right now, according to a shocking new report.
According to new research from Digital Shadows, the number of stolen credentials currently available for purchase is equivalent of more than two for every person on the planet. This figure has risen by 300% since 2018 as a result of more than 100,000 separate breaches.
Of the 15 billion stolen credentials estimated to be for sale online, more than five billion were assessed to be 'unique' as they have not been advertised more than once on cybercriminal forums. The study also found that the majority of exposed credentials belong to consumers and include usernames and passwords from bank accounts to streaming services for video and music.
- These are the best password managers on the market
- We've also put together a list of the best privacy apps for Android
- Keep your devices protected online with the best antivirus software
While many account details are offered for free on the Dark Web, the average price of those on sale is $15.43. Bank and financial accounts are the most expensive though, averaging at $70.91 but some trade for more than $500 depending on the quality of the account.
Dark Web sales
Digital Shadows says it alerted clients to 27.3 millio username and password combinations in the last 18 months. However, account takeover has never been easier or cheaper to do for cybercriminals. This is because a large variety of brute force tools and account checkers are available on Dark Web marketplaces for an average of $4 which can be used with little technical expertise.
While conducting its study, Digital Shadows also observed the growth of account takeover-as-a-service. Instead of buying credentials, cybercriminals can rent an identity for a given period for less than $10 on sites such as the Genesis Market. For the price, these services collect fingerprint data from an individual as this makes it considerably easier to perform account takeovers and transactions that go unnoticed.
"The message is simple – consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised," noted CISO and VP of Strategy at Digital Shadows, Rick Holland.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- We've also highlighted the best VPN services
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.