These include administrator accounts, bank accounts or streaming services. Everything has value in Dark Web, according to the company Digital Shadows, which has spent 18 months analyzing how hackers gain access to stolen accounts and how it is cheaper and easier than ever for criminals.
5 billion leaked credentials are unique
In fact, there are so many stolen accounts, that many of them are simply shared for free in the hacking forums, or even appear on the normal web on pages like Pastebin. Many of the accounts are repeated, but the researchers found that at least 5 billion credentials accounts for sale They are unique.
The most expensive credentials are those belonging to administrators of organizations such as companies or networks, which can be sold for $ 120,000. The average administrator account costs about $ 3,139, but having access to a company can bring a much greater benefit in documents and confidential and highly sensitive information, as well as introducing a ransomware and request a ransom that far exceeds the amount paid by the credentials in exchange for allowing the information to be recovered.
The administrator accounts, the most expensive
In the private credentials market, bank accounts are the most expensive to sell, with an average price of $ 70.91. For that small amount, a hacker can create a real mess, not only by stealing funds, but by requesting new cards, credits or other financial products.
The second most expensive that is sold are antivirus accounts, with an average of $ 21.67, and is a much lower figure than it costs a paid subscription paid directly to the antivirus. The same goes for streaming services like Netflix, Spotify, VPN, etc., whose price is less than 10 dollars.
The researchers say the reason there are so many accounts on the network is because people use very weak passwords. Hackers know what the most common passwords are, and therefore only have to make automated login attempts by combining emails and hacking passwords already known. These types of tools are very cheap on the Dark Web, so achieving access to service accounts is something available to anyone.
Therefore, it is very important to always use unique and difficult passwords, and to use password managers such as Google, LastPass or similar, since this way we only have to remember one password to access the rest. It is also important to use two-step verification whenever possible.
If you do not know if any of your accounts and credentials have been hacked, we remind you that you can use the haveibeenpwned.com website to check if your credentials are in any hacked database.