Digital Shadows warned that over 15 billion credentials are exposed on the dark web for sale and some of them are even available for free.
A recent study revealed that over 15 billion credentials are in circulation via the dark web, representing a 300% increase since 2018. Available information ranges from network access credentials, banking login data, and even streaming services accounts from Netflix.
According to research conducted by the cybersecurity firm Digital Shadows, part of the leaked data is even circulating for free.
The report warns that the reason that so many account credentials are available online is that people are using non-complex passwords that can be easily brute-forced using hacking tools.
Access to corporate networks as an open door for ransomware attacks
Among the most valuable leaked credentials include access to corporate networks. This data type can fetch prices of up to $120,000, and have an average cost of $3,139, depending on factors like the company’s revenue.
The circulation of such data implies that ransomware gangs may use such access to infiltrate an entire network. This would allow them to deploy the malware of their choice, and ultimately hold these networks for ransom.
Bank login details from individuals are being sold with an average price of $70.91, while access for antivirus programs costs $21.67 on average.
Enabling two or multi-factor authentication to secure login credentials
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, warned:
“An enormous number of users’ credentials are exposed on a daily basis in a myriad of ways, from phishing to malware attacks to data breaches. The consequences of exposure may be minor, such as in the case of leaking Netflix logins, or extremely serious – leaked banking credentials, for example.”
While there is no “silver bullet” to this problem, Callow says that people can limit the likelihood of their accounts being compromised by using strong passwords, “never reusing passwords using an antivirus solution, keeping their operating system current with patches and, most importantly, using two- or multi-factor authentication on all services which support it.”
Research by cybersecurity firm, Cyble Research Team, revealed that on May 29, data for more than 80,000 credit cards were put up for sale on the dark web. The data from these cards appears to have been gathered from various countries around the world.
Cointelegraph also reported that a hacker gang known as “Keeper” established an interconnected network to steal credit card data from over 570 e-commerce sites. Since 2017, they have profited around $7 million in crypto by selling card information through the dark web.