News and Press

15 billion pieces of stolen data now available on the dark web

A report by The Digital Shadows Photon Research Team has revealed that there are now more than 15 billion items of stolen data for sale on the dark web equating to two sets of account logins for every person on the planet.

The team spent 18 months auditing criminal forums and marketplaces and has concluded that the amount of stolen data has increased by 300 per cent since 2018. The research revealed that there is a significant amount of duplication, however, it is estimated that there are five billion unique pieces of information. This data goes for a premium, as it is likely to be newer and therefore more lucrative.

The average price for commercially traded logins was found to be £12.32, the more valuable credentials such as active bank account logins are more expensive coming in at an average of £56.65. However, some bank account data sold for as much as £399 depending on the net worth of the account and the freshness of the data.  Financial data accounted for 25 per cent of all advertisements for stolen data.   

The second most valuable account logins, with an average asking price of £17.30, were those for anti-virus and security solutions. Social media account logins typically commanded less than £7. 

When it came to domain administrator accounts that could give access to internal business networks the report reveals that these were usually sold by auction because of their value to criminal hackers, with an average of £2,505 and, in some cases, reaching a price of £95,732.  

The study also found that often usernames were given away for free as an enticement to buy showing just how commoditised personal data has become. With the growing number of data breaches the amount of data for sale should come as no surprise, nor the staggering increase in ID fraud cases around the world. What this study shows is that increasingly organisations need to put processes in place, not only to protect their customer’s data from breaches, but also processes that help detect fraudulent activity such as applications for credit made by someone that is known to be deceased.