The Usernames and Passwords of 15 Billion Accounts Have Been Exposed

15 Billion Usernames and Passwords Exposed

Your login credentials can get compromised. You can fall victim to a phishing scam, the service provider you're using may suffer a data breach, and if your passwords are not strong enough, cybercriminals could have no problems guessing them. But what happens after your login data falls into the wrong hands?

Researchers from Digital Shadows decided to find out. Yesterday, they issued a report in which they track a total of 15 billion credentials leaked during more than 100 thousand data breaches registered over the last two years.

Login credentials are sold all the time

It's easy to assume that once they've stolen your username and password, the first thing a cybercriminal would do is log into your account. More often than not, however, the crooks try to monetize the compromised data by selling it to other crooks. As you'll now see, it's a pretty profitable business.

Login credentials for all sorts of accounts and services are bought and sold on hacking forums and dark web marketplaces. Not surprisingly, some of the 15 billion username and password pairs were also offered for sale, and Digital Shadows' researchers kept a close eye on the listings in order to find out more about the nature of the stolen data and the profits it could bring.

About a quarter of the credentials offered for sale unlock accounts at banks or other financial institutions, which proves, as if proof was needed, that cold hard cash is the main motivation for most cybercriminal activities.

13% of the offered credentials protect accounts at streaming services like Netflix, which, once again, is hardly shocking. Compared to paying for a subscription, using a stolen password is much cheaper, and often, the owner of the compromised account remains none the wiser for an extended period of time.

Roughly the same percentage of advertised passwords give buyers access to proxy and VPN services. These could be useful if the crooks want to cover their tracks during or after a cyberattack.

Hackers also sell millions of other passwords that open anything from social media profiles to accounts at file sharing-platforms and adult websites.

How much does your password cost?

The pricing of the stolen credentials is based on rock-hard logic. The older a password is, for example, the more likely it is to become invalid soon (if it hasn't already), and therefore, the cheaper it is. The price of a set of compromised credentials is also dependent on the type of account they unlock.

On one end of the scale, you have hackers selling network administrator passwords for anything between $3 thousand and $140 thousand. These prices look astronomic, but according to the adverts, with the sold credentials, the buyer could get unabridged access to the internal networks of some pretty large organizations. The damage and the subsequent profits that can be made after such an attack are truly enormous. The majority of the compromised accounts, however, are personal and are therefore much cheaper.

Predictably, online banking passwords command a higher price. Once again, it is dependent on a number of different factors, but Digital Shadows estimated that, on average, a set of login credentials for a bank or a financial institution goes for about $71.

Somewhat surprisingly, compromised subscriptions for anti-virus products take the second place. On average, they are sold at around $21 per account, which goes to show that the hackers are willing to pay for security.

The rest of the credentials are either sold in bulk at less than $10 per set or are shared for free, and their affordable price makes them perfect for hackers trying to launch credential stuffing attacks.

Digital Shadows' report is a very grim reminder of the state of cybersecurity. Your login credentials are compromised on a daily basis, and your identity is traded on the underground markets for peanuts. It doesn't look like things are about to change any time soon, either. Apparently, in just two years, the number of usernames and passwords in circulation has registered a 300% jump, and the constant stream of data breaches and leaks we read about every day doesn't suggest that the trend is about to be bucked.

By Duran
July 9, 2020
News
English
July 9, 2020
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Enable Windows to Remember Your Accounts and Passwords Automatically

Your average Windows user visits a bunch of online sites that necessitate a username and password for authentication. We generally recommend that you use different passwords for different places but, with so many... Read more

May 10, 2019
News

Users' Passwords Exposed During a Hack of Pornographic Websites

Let's say a moderately popular online game that you play gets hacked. You've used a personal email address that's reserved mostly for junk mail. Alongside it, the hackers steal your home IP address, the nickname you... Read more

October 23, 2018
Password Security

Overcoming the Challenge of Protecting Your Accounts With Strong Passwords

Securing your online accounts with complex passwords. How hard can it be? Those of you who know that a three-and-a-half-inch floppy disk isn't, in fact, a 3-D printed copy of the Save icon might also remember the... Read more

April 4, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.