Stealers Stole 2.5 Million Logins and Passwords from Russian Websites

Over the past five years, cybercriminals have used stealers to obtain logins and passwords for 443,000 websites worldwide, according to experts from Kaspersky Lab. In the Russian segment (.ru), 2.5 million pairs of logins and passwords were stolen.

After analyzing stealer logs published on the dark web, specialists concluded that in 2023 alone, user data from about 10 million devices was compromised by stealers. This is roughly seven times more than in 2020. On average, attackers steal 50.9 combinations of logins and passwords from a single infected device. The stolen data can then be used for further attacks or sold and distributed on underground sites or Telegram channels.

In 2023, the largest number of stolen logins and passwords came from websites in the .com domain—almost 326 million. The top five also include the Brazilian domain .br with data from 29 million accounts, the Indian domain .in with 8 million, the Colombian domain .co with nearly 6 million, and the Vietnamese domain .vn with more than 5.5 million.

“The number of stealer log files found on the dark web decreased by 9% compared to 2022, but this does not mean that demand for logins and passwords among cybercriminals has dropped. We do not rule out that some credentials compromised in 2023 will appear in the shadow segment of the internet this year, 2024. Therefore, the real number of infections is likely even higher than 10 million. According to our estimates, it could reach 16 million,” commented Sergey Shcherbel, cybersecurity expert at Kaspersky Lab.

Researchers note that the price of logs with credentials varies depending on the type of data and the method of sale. Sales can be conducted through a subscription service that regularly uploads new data, or through a shop that sells credentials to a single buyer. Prices in such shops usually start at $10 per log file.