Billions of stolen usernames and passwords for sale on the Dark Web

Billions of stolen usernames and passwords discovered for sale on the Dark Web – with bank accounts being flogged for as little as £56

  • Cybersecurity firm Digital Shadows said it found more than 15 billion credentials 
  • Bank account details were available for between £56 and £400 apiece 
  • Five billion of the identified credentials were assessed to be unique 

Billions of stolen usernames and passwords, including log-ins to bank accounts, are being offered to cybercriminals on the dark web, new research suggests. 

Cybersecurity firm Digital Shadows said it found more than 15 billion credentials in circulation on online marketplaces used by criminals. 

It said account details were available for a variety of accounts, ranging from bank details to music streaming services. 

For the latter, prices averaged around £12. 

Bank and financial service accounts, however, are on sale for an average of £56, and the price can spike to more than £400 for access to ‘high-quality accounts’.  


Five billion of the identified credentials were assessed to be unique in that they had not been advertised more than once on a criminal forum.

According to the research, banking and financial accounts made up around a quarter of those advertised. 

The cybersecurity firm said the number of stolen credentials available had quadrupled since 2018 as a result of more than 100,000 data breaches.   

Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, said: ‘The sheer number of credentials available is staggering and in just over the past one-and-a-half years we’ve identified and alerted our customers to some 27 million credentials – which could directly affect them. 


‘Some of these exposed accounts can have – or have access to – incredibly sensitive information. 

‘Details exposed from one breach could be reused to compromise accounts used elsewhere.  

It urged the public and businesses to follow basic cybersecurity principles, such as using different passwords for different accounts and activating additional layers of security for log-in such as two-factor authentication. 

The research warned that many online tools which could be used to target accounts were available to buy online for less than £3.50 and can be used with little technical expertise.  

Digital Shadows’ research also warned that, as well as individuals’ accounts, credentials providing access to large organisations and their systems were being advertised.   

Kate Bevan, Which? Computing Editor, said: ‘The huge market for stolen data goes to show why banks and other firms that hold their customers’ sensitive information must do more to protect it from hackers, such as using two-factor authentication as standard. 

‘Anyone worried about their personal data being compromised can take steps to protect themselves online, such as using strong and unique passwords across different sites, using a password manager to keep on top of them, and ensuring their computer is protected with regularly updated antivirus software. 

‘If you believe your data has been hacked, watch out for any suspicious emails or attempted scams, update your passwords and keep an eye on your accounts for any unauthorised activity.’ 

Using different passwords for accounts can keep you safe online

Hackers can obtain breached credentials, like usernames and passwords, on the Dark Web – often for free. 

Or, they can obtain them by tricking people into signing up to new websites through a phoney system.  

Most people reuse the same credentials for multiple accounts they hold online, which means that once one account is breached, others may be vulnerable.

Or, they use the same general password and tweak it slightly for different sites to meet various criteria. 

Popular methods include adding a number at the end, adding capital letters or inserting a ‘special character’, such as an underscore.  

Cyber criminals can use software tools to test combinations of credentials in a highly automated bulk effort.

For example, if a victim enters a password ‘DerbyRam95’, the software will try variations, such as ‘DerbyRams_95’, ‘derbyram2020’, or ‘DCFCRams95’.

If they get lucky, the password entered to access a harmless TV streaming service will be very similar to one used to access online banking. 

Hackers will try to use this to see if they can access financial services, and deplete a person’s money.   

The best defence against this type of attack is to use a unique password for each site you have an account with.

There are various password management applications that can help you to keep track of all of these details in a secure manner.

You can also check whether any of your accounts have been breached using the website Have I Been Pwned.
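The two defensive steps above (avoiding reused or lightly tweaked passwords, and checking accounts against Have I Been Pwned) can both be automated. The following Python is an added example written for this page, not code from Digital Shadows, Which? or Have I Been Pwned. The first part audits a constructed sample vault for passwords that are identical or differ only by the trivial tweaks described above (case, a special character, trailing digits). The second part implements the client side of the Pwned Passwords k-anonymity lookup: only the first five hex characters of the password's SHA-1 hash are sent to the range endpoint, and the response is compared locally; the range response used here is constructed, with a made-up count, so the example runs offline.

```python
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

# Constructed sample vault (site -> password); values are illustrative only.
SAMPLE_VAULT = {
    "tv-streaming.example": "DerbyRam95",
    "music.example": "derbyram2020",
    "bank.example": "DerbyRams_95",
    "forum.example": "correct horse battery staple",
}


def normalise(password: str) -> str:
    """Collapse the trivial tweaks the article describes (case changes,
    special characters, trailing digits) so variants of one base password
    map to the same key. This is a heuristic: it will not catch a changed
    word, as 'DerbyRams_95' vs 'DerbyRam95' shows."""
    base = re.sub(r"[^a-z0-9]", "", password.lower())
    return re.sub(r"\d+$", "", base)


def find_reuse(vault: dict[str, str]) -> dict[str, list[str]]:
    """Return groups of sites whose passwords are identical or trivial
    variants of each other, keyed by the normalised form."""
    groups: dict[str, list[str]] = defaultdict(list)
    for site, password in vault.items():
        groups[normalise(password)].append(site)
    return {key: sorted(sites) for key, sites in groups.items() if len(sites) > 1}


# Pwned Passwords k-anonymity range lookup (client side).
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix
    that is sent to the API and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL that would be fetched; only the hash prefix leaves the machine."""
    prefix, _ = sha1_prefix_suffix(password)
    return PWNED_RANGE_URL + prefix


def count_in_range_response(password: str, range_body: str) -> int:
    """Given the body returned for the password's prefix (lines of
    'SUFFIX:COUNT'), return how many times the password was seen, or 0."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        hex_suffix, _, count = line.partition(":")
        if hex_suffix.upper() == suffix:
            return int(count)
    return 0


# Constructed range response for prefix 5BAA6. The first suffix is the real
# SHA-1 suffix of the string "password"; the counts and other suffixes are
# made up for this example.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
00000000000000000000000000000000001:2
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:17
"""

if __name__ == "__main__":
    for key, sites in find_reuse(SAMPLE_VAULT).items():
        print(f"reused/variant password across: {', '.join(sites)}")
    print("would fetch:", range_url("password"))
    seen = count_in_range_response("password", SAMPLE_RANGE_RESPONSE)
    print(f"'password' appears {seen} times in the (constructed) breach data")
```

To use this against the live service you would fetch `range_url(password)` over HTTPS and pass the response body to `count_in_range_response`; the password itself and its full hash never leave the machine. A non-zero count means the password has appeared in a breach corpus and should be changed everywhere it is used.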