15 Billion Stolen Credentials Discovered on the Darknet
Experts from Digital Shadows have uncovered 15 billion stolen credentials being traded on various underground marketplaces in the darknet. These compromised credentials were obtained from over 100,000 breaches and provide access to a wide range of accounts, including domain administrator accounts, banking and financial accounts, as well as social media and streaming service accounts.
Pricing on Underground Marketplaces
The prices for such information on underground marketplaces vary significantly. On average, banking account credentials sell for about $71, access to antivirus software accounts for $21, and domain administrator accounts can fetch up to $3,100. Login details for video game and file-sharing site accounts are available for less than $2 per account.
According to experts, credentials for financial accounts with confirmed balances or accounts with privileged access to large enterprise networks and systems are sold at much higher prices. Dozens of advertisements for administrator accounts have been found on underground forums, with auction prices ranging from $500 to $120,000.
Most Sought-After Account Types
Overall, 25% of listings for stolen and leaked credentials were related to banking and other financial accounts. Other popular categories included streaming service accounts, proxy/VPN accounts, and cable TV accounts.
Why the Threat Is Growing
Specialists note that the threat from breaches is worsened by the widespread habit of internet users reusing the same, often easily guessed, passwords across multiple accounts. Tools like Sentry MBA and OpenBullet have made it easier for cybercriminals to test millions of login and password combinations. As a result, attackers can use credentials obtained from one breach to attempt access to other accounts.
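From the defender's side, the reuse-and-test pattern described above shows up in authentication logs as one source trying many distinct usernames in a short time with a low success rate. The sketch below is an added example, not taken from the Digital Shadows research; the log format, function names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the format (time, source IP, user, result) is an assumption.
SAMPLE_LOG = """\
2020-07-08T10:00:01 203.0.113.7 alice FAIL
2020-07-08T10:00:02 203.0.113.7 bob FAIL
2020-07-08T10:00:03 203.0.113.7 carol FAIL
2020-07-08T10:00:04 203.0.113.7 dave OK
2020-07-08T10:00:05 203.0.113.7 erin FAIL
2020-07-08T10:01:10 198.51.100.20 grace FAIL
2020-07-08T10:01:40 198.51.100.20 grace OK
2020-07-08T10:30:00 192.0.2.5 heidi OK
"""

def parse(log_text):
    """Yield (timestamp, ip, user, success) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3] == "OK"

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_success=0.25):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward so evs[start:end+1] spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            rate = sum(e[3] for e in chunk) / len(chunk)
            if len({e[2] for e in chunk}) >= min_users and rate <= max_success:
                # Successful logins from a flagged source are reset candidates.
                findings[ip] = sorted({e[2] for e in evs if e[3]})
                break
    return findings

if __name__ == "__main__":
    print(detect_stuffing(parse(SAMPLE_LOG)))
```

The accounts returned for a flagged source are the ones where a reused password worked, so they are the first candidates for a forced reset and session revocation.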
Rapid Growth in Stolen Credentials
According to Digital Shadows’ research, the number of compromised credentials available to cybercriminals on the darknet has increased by 300% since 2018. Experts estimate that out of the 15 billion stolen credentials, about 5 billion are unique.
Illegal Marketplaces and Account Rentals
Illegal marketplaces such as Genesis Market, UnderWorld Market, and Tenebris allow criminals to rent access to various types of accounts, including e-commerce, streaming, and social media accounts, sometimes for as little as $10 for a set period of use.