Database Credentials in the Darknet Are Becoming Cheaper
Recent increases in data breaches at Russian companies have led to a drop in the price of their databases on the darknet. In 2024, the number of original databases appearing on hacker forums surpassed last year’s figures, but more than 60% of them are being distributed for free.
According to Kommersant, the price of databases on the darknet is noticeably decreasing, even as the number of leaks has slightly increased over the year. Experts from FACCT report that last year, 259 previously unpublished databases from Russian companies were discovered (compared to 246 in 2023).
This trend is confirmed by DLBI (Data Leakage & Breach Intelligence). According to the service’s founder, Ashot Oganesyan, the number of databases available for free has grown. Oganesyan attributes this to the activities of Ukrainian hackers, and also points to the overall volume of leaks, which now “exceeds the population of Russia several times over.”
He notes that just last year, the volume of leaked data increased by 70% compared to 2023, and prices for dumps containing only names and contact details, such as phone numbers and email addresses, “have dropped almost to zero.”
Positive Technologies estimates the share of free databases as high: 64% in the first half of the year, and 60% in the second half. “Overall, the number of databases distributed on the darknet is growing. In the second half of the year, we identified 53% more databases than in the first half of 2024,” says Yana Avezova, Senior Analyst at Positive Technologies’ research group.
According to the company, last year the price of 55% of databases on the darknet did not exceed $1,000. The average price for a leak without biometric or passport data in the first half of the year was $200–$300.
FACCT’s threat intelligence department estimates that only 10–15% of the total volume of leaked Russian company databases are put up for sale, “the rest are available online for free.”
Experts interviewed by the publication believe that some attackers aim to inflict maximum damage on Russian companies, so most databases were not sold at all but made freely available.
These tactics, along with the overall increase in leaks, mean that criminals can build a profile of their target with little effort. “Today, anyone can compile an almost complete database of Russians from the many free fragments offered on the darknet or Telegram channels,” concludes Ashot Oganesyan, founder of the data leak intelligence and darknet monitoring service DLBI.
Andrey Buslaev, an analyst at Kaspersky Digital Footprint Intelligence, believes that the situation with data leaks will continue to worsen in the near future. “In addition to the self-organization of new hacktivist groups, older ones are now training young specialists, teaching them by example how to hack large commercial organizations and the public sector,” Buslaev explains.