15 Billion User’s Information Is For Sale On Hacker’s Forum

Data exfiltration still continues to be a problem for global users, and the heart of this problem is nothing other than compromised users and their information. According to a report from Digital Shadows Photon Research, around 15 billion credentials are found circulating on hacker’s forums which can lead to problems like account take over, identity theft, and more other kind of cyber crime traits.

“On an avertage, a person probably uses around 191 services which require them to feed details like passwords or other credentials.” according to what researchers have to say. And this necessity leads to a very big problem specially in case if the user uses same details and credentials over various services.

In order to find out the risks associated with compromised accounts, the expert’s team examined some approaches to account takeovers. The discovered report is based on information taken from database of Digital Shadows SearchLightTM service, which use to maintain a database of breached credentials and thoroughly searches for criminal’s forums for attacker’s trends, data dumps, advertisements and other possible tools.

Statistics about account takeover and user’s credentials

As per the researchers, they have found around 15 billion user credentials for sale on black internet market running underground. These details are actually originated from more than 100,000 data breached, in which around 5 billion are unique ones.

From where these information are exfiltrated?

Based on reports from experts, some of those information are login credentials from various social media platforms, streaming sites, VPN, file sharing networks, video games, and adult online sources. These details are found to be cheapest on sale with a price tag of around $15.43 and are quickly being distributed in black underground market.

In those advertisements on hacker’s forum, one of the offer also noticed which included accounts related to banking and financial services, and these details are priced to be more expensive, around $70.91 for each pair of detail. Also, the price can be higher in case if there a confirmed balance for a banking account and availability of PII. In such instances, the price will be up to $500. these banking information are mostly favored among cyber criminals, and the most valuable credentials are however related to privileges accounts, as per what the Digital Shadow’s reports clarifies.

Details about underground markets for compromised credentials

In the underground market, renting various account access is considered as a service, and the researches are following those emergence and rise in certain markets that offers such services. What is worth to note down is, such markets often use their own trojans or botnets to harvest sensitive details or credentials. But, despite of buying such credentials permanently, one can also rent those details or identity for a certain time, and this kind of rent can be accomplished even in less than $10. however the price of these are completely dependent on some factors like data types, and associated demands.

In such black underground market, there also get sold more other details like browser fingerprint data, cookies or IP addresses, time zones, and so on. These collected details actually makes it easier for criminals to carry out account takeovers and transactions without being by cyber crime authorities.