Stories
Slash Boxes
Comments

SoylentNews is people

15 Billion Credentials Currently Up for Grabs on Hacker Forums

posted by Fnord666 on Thursday July 09 2020, @07:42AM   Printer-friendly
from the get-your-hot-fresh-credentials-here! dept.

upstart writes in with an IRC submission:

15 Billion Credentials Currently Up for Grabs on Hacker Forums:

Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet.

A report released Wednesday — "From Exposure to Takeover" by the Digital Shadows Photon Research Team — found that 100,000 separate data breaches over a two-year period have yielded a 300 percent increase in stolen credentials, leaving a veritable bonanza of account details on dark-web hacker forums up for grabs.

Most of the credentials are from consumers, and while many are sold on forums—for an average price of $15.43—many also are given away for free by hackers, researchers found.

[...] The credentials being flogged online vary in access and price, according to the report. They include usernames and passwords for everything from bank or financial accounts–which comprised 25 percent of the credentials analyzed–to video- and music-streaming services, to antivirus programs.

Unsurprisingly, credentials for bank and other financial accounts are also the most expensive to purchase, selling for an average of $70.91 a piece, researchers found. Indeed, data that puts potential financial gain on the table tends to be the most valuable to threat actors.

Data for accessing antivirus programs earned the second-highest price on hacker forums, at an average of $21.67. Threat actors apparently find access to media streaming, social media, file sharing, virtual private networks (VPNs) and adult-content sites far less valuable, with these credentials traded "for significantly under $1" on forums, according to the report.

While consumer credentials comprised the bulk of those researchers tracked, organizations are not immune to the risk of credential theft and potential reuse for nefarious purposes, particularly if financial gain is involved. The report uncovered 2 million accounting email addresses exposed online, with those referencing "invoice" or "invoices" the most commonly advertised on hacker forums, researchers said.

Original Submission

 
This discussion has been archived. No new comments can be posted.
15 Billion Credentials Currently Up for Grabs on Hacker Forums | Log In/Create an Account | Top | 16 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Interesting) by Anonymous Coward on Thursday July 09 2020, @04:36PM

    by Anonymous Coward on Thursday July 09 2020, @04:36PM (#1018706)

    hate to brag, but here goes.

    I remember once in 2003 i think, i was bored one evening and hacked this chinese forum with 3.something million accounts in the database i took copy of.
    I dont speak that language, so used it for the dictionaries and to exchange it for other databases.
    Note how the country i was living in at the time didn't have laws against that.

    It took about three minutes, no automated tools, no 0 days, just good old fashioned blind sql injection from a browser (its a fun game to play)

    Moral of the story: you can make a database like that in a month or so, if you're average like me.

    And yes, it'll be full of dupes.

    And don't get me started on their pricing crap, this is lamers catering to lamers.

    Hackers share. Criminals monetize.

    Starting Score:    0  points
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Interesting' Modifier   0  
    Total Score:   2