Skip to content
Techzine
Techzine / News / Security / ’15 billion credentials are sold on the dark web’
  • Hubs
    • Cloud
    • Collaboration
    • Data
    • Devops
    • Infrastructure
    • Security
    • Trends
    • Workplace
  • General
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Europe
  • Techzine Netherlands
  • Techzine Belgium
July 10, 2020 15:19July 102 minJouri Altorf Security

’15 billion credentials are sold on the dark web’

’15 billion credentials are sold on the dark web’

Get a free Techzine subscription!

Credentials of 15 billion accounts are being sold on the dark web, according to research by Digital Shadows. The price ranges from under ten euros for access to streaming websites to about 100.000 euros for access to large companies.

The research ‘From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover‘ was the result of an eighteen-month study by security researchers from Digital Shadows. The team eventually found 15 billion credentials that had been obtained through 100.000 data breaches, of which 5 billion were unique.

The research also revealed that the number of stolen usernames and passwords in circulation has increased by 300 percent since the last research was conducted in 2018. The log-in data of customers turned out to be the most common with an average selling price of 13.62 euros. Credentials for financial institutions such as banks were the most valuable with an average selling price of 62.59 euros. Of all the advertisements on the dark web, 25 percent belongs to this category.

Access to antivirus programs also proved popular with an average price of 19.13 euros, but access to media streaming sites, social media, file sharing, and VPNs was sold for less than ten euros.

Access to large companies

Credentials for essential business systems of large (and smaller) companies are also traded on the dark web, but prices are much higher. These credentials are sold at an auction to the highest bidder and researchers at Digital Shadows came across figures ranging from 441 euros to 106.000 euros with an average of 2770 euros.

A new noteworthy development is that of the ‘account takeover-as-a-service’ where criminals can rent the login details of an account for a certain period of time, often for less than 10 euros.

Digital Shadows finds the number of available login details shocking. “Some of these exposed accounts can (or do have access to) incredibly sensitive information. Details uncovered by one breach can be re-used to compromise accounts used elsewhere.”

Tip: Why cybercriminals use forums and the dark web on a large scale

Read more

  • Amazon commits more than $10 billion to Project Kuiper

    August 4 2 min Infrastructure

  • Why cybercriminals use forums and the dark web on a large scale

    June 19 6 min Security

  • European Parliament affected by a major data breach

    May 21 1 min Security

  • 300 million daily Zoom users, new vulnerabilities discovered

    April 27 2 min Collaboration

Tags

account takeovercredentialDark webdata breachLogin

Recent in Security

Instagram is facing a lawsuit over illegal biometrics harvesting
August 13 2 min Security

Admins will now be able to run phishing simulations on Office 365
August 13 2 min Security

Gmail and AOL become a key target for cybercriminal activities
August 12 2 min Security

Jobs

Officier ICT – VWO

Heel Nederland Full time

Networking Specialist

Utrecht Full time

SAP Beheer- consultant

Wommelgem Full time
Back to overview

Post navigation

Previous articleKong’s Kuma joins Cloud Native Computing Foundation
Next articleNot many enterprises can depend on their supply chains right now

Popular articles All In-depth News Events Experts

Google has released the third and final beta of Android 11
August 10 2 min Devops

Apple wants Prepear to stop using the pear in its logo
August 12 2 min Trends

Review: OnePlus Nord is almost the ideal mid-range smartphone
August 8 7 min Workplace

Review: Samsung Galaxy XCover Pro – for field workers
July 27 7 min Workplace
September 1

ISS Europe 2020
September 1 Avenue Louise 71, Brussels
September 1

Mendix World 2020
September 1
Experts talk

It’s not security. It’s education
June 24 5 min Security
Experts talk

ServiceNow: “The digital workflow revolution has only just begun”
June 19 2 min Cloud

Working in silence: these are the best noise cancelling headphones
August 1 11 min Workplace

Enthusiasm but also doubts about Dell’s strategy change
August 10 6 min Trends

Should Europe compete for technological world domination?
August 12 8 min Trends

Appian continues to specialize in low-code automation and adds RPA
July 29 6 min Devops

Qlik BI switches to end-to-end data platform
August 4 4 min Data
September 8

.NEXT Digital Experience
September 8
September 23

Belgian Cloud Summit
September 23 Docks Dome Event Hall, Brussels
September 28

VMworld
September 28
October 21

Dell Technologies World
October 21
October 27

Internet of Things Convention Europe
October 27 Lamot Congress Center Mechelen
October 28

Belgian Cyber Security Convention
October 28 Lamot Congress Center Mechelen

CIA finds no evidence of Chinese TikTok espionage
August 10 2 min Security

Android phones in danger due to hackable Qualcomm chip
August 11 2 min Security

Google launches ‘people cards’ to compete with LinkedIn
August 13 2 min Trends

Instagram is facing a lawsuit over illegal biometrics harvesting
August 13 2 min Security

Google introduces Smart Compose in mobile apps
August 10 2 min Devops

Microsoft Surface Duo smartphone available on September 10
August 13 1 min Workplace

Techzine Europe - Brings Tech to Life!

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Techzine Service

  • More information / Advertising
  • Contact
  • Terms & Conditions
  • Privacy Statement
  • Copyright Dolphin Publications
Techzine uses cookies
We use cookies on our website to give you the most best experience by remembering your preferences. By clicking “Accept”, you consent to the use of all the cookies. You can visit Cookie Settings to provide a controlled consent.
Cookie settingsACCEPT COOKIES
Privacy & Cookies Policy

Privacy statement

Click here to read our privacy statement.
Functional
Always Enabled
CookieTypeDurationDescription
_gapersistent2 yearsBasic Google Analytics cookie for identifying visitors on our website. We run a limited version of Google Analytics for visitors that haven't agreed on any cookies yet, where data is anonymized and marketing features are disabled.
_gidpersistent1 dayBasic Google Analytics cookie for identifying visitors on our website. We run a limited version of Google Analytics for visitors that haven't agreed on any cookies yet, where data is anonymized and marketing features are disabled.
cli_user_preferencepersistent1 yearThis cookie makes this cookie bar work. Your cookie preferences are saved in cookies, so we remember your preferences during your next visit.
cookielawinfo*persistent1 yearThese cookies make this cookie bar work. Your cookie preferences are saved in cookies, so we remember your preferences during your next visit.
darkmodepersistent1 yearThis cookie decides if the website should be turned to darkmode or can stay normal.
hidecountrypersistent1 yearThis cookie is set when you are visiting Techzine from a different country than it's target market. You can get the advise to visit the local Techzine version, if you close this message, you won't be reminded because of this cookie.
PHPSESSIDsession1 dayThis cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policypersistent1 yearThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_*session30 daysWordpress uses multiple cookies so the editorial team can log into the back-end. Visitors usually don't get these cookies.
wp-*session30 daysWordpress uses multiple cookies so the editorial team can log into the back-end. Visitors usually don't get these cookies.
Personalization
CookieTypeDurationDescription
crp_lastvisitthird party1 yearThis cookie is also part of the personalised feed, we keep track of when you visit and when you last visited. Based on those dates we can offer you a better overview of articles you have mist in the meanwhile you were gone.
crp_visitthird party1 yearThis cookie is also part of the personalised feed, we keep track of when you visit and when you last visited. Based on those dates we can offer you a better overview of articles you have mist in the meanwhile you were gone.
crphthird party1 yearThis cookie contains the hash of the contentreveal platform, which Techzine uses to offer newsletter and personalisation services. Without this cookie you can not use your personal feed or edit your Techzine account details.
Analytics
CookieTypeDurationDescription
__cfduidthird partyVery shortThis cookie is being used by our e-mail system to track users across our website.
_gat_*session1 minuteGoogle Analytics uses this cookie. With this cookie, we still cannot see any personal information. We can, however, better understand our visitors, for example, from which countries and cities they come.
cmp*third party30 daysThis cookie is being used by our e-mail system to track users across our website.
prism_*third party30 daysThis cookie is being used by our e-mail system to track users across our website.
Marketing
CookieTypeDurationDescription
bcookiethird party2 yearsThis cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
bscookiepersistent2 yearsThis cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
langthird partyVery shortThis cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
lidcthird party1 dayThis cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
UserMatchHistorythird party30 daysThis cookie is used by LinkedIn Insight to track which profiles are visiting Techzine. LinkedIn Insight gives us insight in the company sectors and function titles that visit the website. We cannot identify individual users based on these statistics.
Save & Accept