Industry Updates

Billions Of Breached User Credentials Are Available For Purchase

On a regular basis, we see headlines talking about how this or that company got hacked and X number of employee or customer logins got exposed. However, since those headlines happen in isolation, it’s easy to lose sight of the bigger picture. A trip to the Dark Web will reveal just how big of a problem the world faces. If you dare venture into those waters, you’ll find literally billions of user accounts for sale.

In fact, by scouring various forums on the Dark Web, you can find more than fifteen billion credentials for sale, and more than five billion of them are unique.

Typically, hackers sell login credentials by company, but some larger collections are aggregated by industry. Of those, user accounts and passwords from non-financial service companies including VPN, the adult industry, the video game industry, and social media tend to be the least expensive. They tend to be sold for less than twenty dollars. Contrast that with user accounts and passwords from the financial services sector average about $70 each.

The real money though, is in accounts where a hacker can confirm a bank balance for an online bank account. In those instances, depending on the confirmed balance, the credentials can go for $500 or even more.

The most expensive login credentials on the web are those with confirmed domain admin access. These are not sold at a fixed price, but rather, auctioned to the highest bidder. They average more than $3,000 per account, but in one instance, sold for a staggering $120,000.

The bottom line here is simply this: Your information is valuable, and there’s a largely invisible market for your login information. Guard it closely and make sure your passwords aren’t easily guessed. When a company you do business with is hacked, don’t take any chances. Change your password immediately. Don’t become a statistic.