Darkreading.com reported that “a stunning 15 billion credentials circulating on the Dark Web and in underground marketplaces. The compromised credentials from over 100,000 breaches in recent years were associated with a wide range of accounts, including domain administrator accounts, bank and financial accounts, and social media and video-streaming service accounts.” The July 8, 2020 report entitled “Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets” included these comments:
Prices in criminal marketplaces for these credentials ranged from an average of $3,139 for domain admin accounts to $70.91 for bank accounts, $21.67 for account access for antivirus programs, and less than $10 for credentials to adult sites.
Usernames and passwords for video game accounts and file-sharing sites were available for less than $2 a pop.
Credentials to high-value accounts — such as bank accounts confirmed to have a certain amount of funds or accounts with privileged access to large enterprise networks and systems — tended to fetch much higher prices.
…dozens of advertisements on underground forums for admin accounts being auctioned to bidders at prices ranging from $500 to $120,000.
Many of these premium credentials had usernames — such as "invoice," "invoices," "payments," and "partners" — that suggested they were associated with financial accounts.
Unfortunately it's too late for you to start protecting your credentials!
Originally published by Foley & Lardner, July 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
