Can you buy passwords for your darknet bank account?
On the Darknet, you can currently find and buy over 15 billion usernames and passwords stolen from internet users, up 300% from 2018. This is an impressive database with 2 passwords for every inhabitant of the Earth.
Such information can be found in the latest report “From Impact to Takeover” published by the research group Photon Research, which monitors cybercrime forums and analyzes proposals that have appeared on the Internet black market over the past year and a half.
Of these 15 billion personal data, about 5 billion are likely unique, as they only appeared once on the Darknet, according to analysts at Photon Research. These are sets containing a username and password, that is, authentication data that provides access to bank accounts, social networks, music services, as well as IT systems owned by companies.
The average price for a login and password is around $ 15. But for data that allows access to bank accounts or other financial services, it rises to $ 70. In the latter case, prices increase with an increase in the amount of funds in the account, as well as with the relevance of the stolen data – the newer they are, the more expensive.
On average, security and software logins and passwords come in second, with an average of $ 21 per set of credentials.
In all other categories (adult sites, accounts on popular social networks, video or music services, virtual private networks, etc.), cybercriminals ask for much less – on average, only about $ 8. In these cases, there are also many offers of free information.
A special category is data on the accounts of domain administrators who can provide access to corporate networks and IT systems. We cannot talk about the average price here, because information is most often sold at auctions. Starting prices are in the range of 3-120 thousand dollars, depending on the size and market position of the company.
The fact that someone’s logins and passwords have been stolen and available for purchase on the Darknet doesn’t mean an immediate threat. It only appears when some cybercriminal buys data and starts preparing an attack.
Things to remember for your online safety
Basic security tips are widely available on the Internet and are worth checking out.
If the password is strong, it will be more difficult to crack, which means that if the password database is leaked, it will be more difficult for cybercriminals to decrypt it.
Two- or multi-factor authentication is also a method that significantly discourages unauthorized access to accounts.
Is our data available on the Darknet?
You can check it out on the free HaveIBeenPwned website, which has a rich, regularly updated database of hijacked by attackers in recent years. It contains information on over 100,000 reported data breaches worldwide.
The website allows, for example, to enter the E-mail used to authenticate to the website and provides feedback, whether or not it is among the hacked accounts available on the Darknet, as well as related data leaks. If someone is afraid to expose this type of sensitive data on the Internet, they can download the database from the website and check their accounts locally.