The sports category has moved to a new website.

Hackers are circulating more than 15 billion stolen logins on the dark web, where they sell for anywhere from $1 to $140,000

Hackers have been selling stolen login credentials on the dark web for years but a new audit this month shows just how rampant the practice has become.

  • More than 15 billion username-password pairs are circulating on the dark web, stemming from over 100,000 breaches, according to research from cybersecurity firm Digital Shadows. Five billion are unique.
  • The audit found that hackers make the most money selling stolen banking logins, with an average price of $70 each, while logins for video games and file sharing services are among the least valuable.
  • Visit Business Insider's homepage for more stories .

Hackers are circulating at least 15 billion stolen login credentials on dark web forums, according to a new audit from cybersecurity firm Digital Shadows .

The practice of sharing stolen logins is nothing new hackers routinely scrape usernames and passwords revealed through data breaches and resell them (or give them away for free) on the dark web. But the new audit presents a clearer picture of the scope of the problem.

Digital Shadows identified 15 billion username-password pairs stemming from over 100,000 data breaches, according to the report . Roughly 5 billion of those are unique.

ADVERTISEMENT

Some logins are more valuable than others while hackers share some passwords free of charge, logins for banks and other financial accounts sell for $70 per credential on average, according to the report. Logins for antivirus programs are priced the second-highest at $22 on average, while logins for video game platforms average just a few dollars per credential.

The dark web listings showed that hackers especially target people who work in organizations' financial departments the audit identified over 2 million accounting email addresses, and found that email addresses that contain "invoice" are the most frequently advertised.

Stolen logins can benefit hackers in multiple ways while a hacked financial account can enable them to steal money or commit bank fraud, hacked email addresses let them "move laterally" inside an organization by impersonating someone in order to gain that person's colleagues' trust and trick them into handing over even more information.

Accounts seen as especially valuable, like domain administrators for a small business or local government, are typically auctioned off on the dark web. Buyers will bid an average of $3,139 and up to $140,000 for such logins, according to the report.

ADVERTISEMENT

"Account takeover has never been easier (or cheaper) for cybercriminals," the report's authors wrote . "Attackers will find brute force hacking and credential-stuffing a virtual cakewalk."

The report recommends that people use password managers, enable two-factor authentication as much as possible, and change their passwords frequently in order to avoid stolen credential attacks.

See Also:

ADVERTISEMENT

Eyewitness? Submit your stories now via social or:

Email: news@pulselive.co.ke

Recommended articles

African countries with the highest divorce rate

African countries with the highest divorce rate

10 African cities with the highest crime index at the start of 2024

10 African cities with the highest crime index at the start of 2024

Machoka at 70: Emotions run high during Citizen TV presenter's birthday [Video]

Machoka at 70: Emotions run high during Citizen TV presenter's birthday [Video]

Diwali 2022: Is Monday a public holiday in Kenya?

Diwali 2022: Is Monday a public holiday in Kenya?

Akothee finally reveals reasons for separating from Omosh 1 month after wedding

Akothee finally reveals reasons for separating from Omosh 1 month after wedding

Man, once a ‘billionaire’, recounts how he lost wealth, now sells his book on streets [Video]

Man, once a ‘billionaire’, recounts how he lost wealth, now sells his book on streets [Video]

Details of Ngina Kenyatta's luxurious restaurant

Details of Ngina Kenyatta's luxurious restaurant

Zero Chills! Jackie Matubia's advice for Milly Chebby amid the unfollow drama

Zero Chills! Jackie Matubia's advice for Milly Chebby amid the unfollow drama

Nigerian royal dignitaries, including four kings and a queen, expected to attend Museveni’s 50th wedding anniversary celebrations

Nigerian royal dignitaries, including four kings and a queen, expected to attend Museveni’s 50th wedding anniversary celebrations

ADVERTISEMENT