More Than 15 Billion Stolen Credentials Are Circulating Out There

  • Stolen credentials are sold by the billions today, as we have about 185 data breaches per day.
  • Almost one-third of the stolen credentials are unique pairs that aren’t used anywhere else.
  • Hacking people’s accounts is becoming more streamlined, easier, cheaper, and more profitable.

Digital Shadows has been collecting data over the past 18 months, trying to figure out the scale of the business that is set up around the bartering of stolen user credentials. What they have found is not unexpected, but the numbers are presenting an unprecedented scale of operations. In total, there are over 15 billion credentials in circulation out there, which is 300% up compared to what was going on back in 2018. These credentials come from 100,000, or potentially even more individual data breaches, which is another way of saying that the whole situation is out of control and that data security is just an illusion.

hashes
Source: Digital Shadows

With the average person having accounts on 191 online services, it is natural to see many duplicates in there. People are reusing their passwords or passphrases across a set of websites and services, so this is to be expected. However, 5 billion out of the total 15 billion are unique credentials.

listing prices
Source: Digital Shadows

Other interesting stats given in the report include the following:

  • Bank and financial accounts are sold for an average of $70.91 per piece.
  • “Regular” credentials are sold for an average of $15.43, while many are shared for free.
  • AV accounts are sold for around $21.67, while media streaming, VPN, and social media accounts are traded for less than $10.
  • Access to compromised company networks is sold for an average of $3,139, and up to $120,000.
  • About two million accounting email addresses are compromised, and actors are using them for phishing and BEC operations.
  • Hacking and taking over someone’s account costs an average of $4 (for brute forcers).
  • “Sentry MBA” remains the most popular credential stuffing tool, while “OpenBullet” is a rising star.
  • Fingerprint markets like the “Genesis Market” are on the rise.
  • The sector with the most breached credentials is that of technology (31%) because it can serve as a pivot point.

openbullet
Source: Digital Shadows

There’s a clear conclusion that can be drawn from the above, and this is that hacking accounts and cracking protection systems like 2FA have now become an industrialized process. It takes place in an egregious scale that leaves no one untouched. Not finding yourself in one of the 100,000 breaches is statistically improbable. At the same time that the most skillful and notorious hacker groups are focusing their efforts on big companies, there are swarms of not so tech-savvy actors who are infesting every little piece of the internet, looking for low-hanging fruits.

RELATED:

REVIEW OVERVIEW

Latest

How to Watch Westworld Season 4 Online From Anywhere

The fourth season of your favorite science fiction dystopian TV series is set to premiere soon, and we know you want to...

How to Watch 2022 BET Awards Online From Anywhere

The 2022 BET Awards are here, so be ready to celebrate African American entertainers who have excelled in the field of music,...

How to Watch Jack Osbourne’s Night of Terror: Bigfoot Online From Anywhere

Discovery+ is here with a new 2-hour special featuring Jack Osbourne, and we're looking forward to watching it online. If you're interested...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari