Your Passwords Could Be For Sale on the Dark Web Right Now

Published at: July 10, 2020

A recent study revealed that over 15 billion credentials are in circulation via the dark web, representing a 300% increase since 2018. Available information ranges from network access credentials, banking login data, and even streaming services accounts from Netflix.

According to research conducted by the cybersecurity firm Digital Shadows, part of the leaked data is even circulating for free.

The report warns that the reason that so many account credentials are available online is that people are using non-complex passwords that can be easily brute-forced using hacking tools.

Access to corporate networks as an open door for ransomware attacks

Among the most valuable leaked credentials include access to corporate networks. This data type can fetch prices of up to $120,000, and have an average cost of $3,139, depending on factors like the company’s revenue.

The circulation of such data implies that ransomware gangs may use such access to infiltrate an entire network. This would allow them to deploy the malware of their choice, and ultimately hold these networks for ransom.

Bank login details from individuals are being sold with an average price of $70.91, while access for antivirus programs costs $21.67 on average.

Enabling two or multi-factor authentication to secure login credentials

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, warned:

“An enormous number of users’ credentials are exposed on a daily basis in a myriad of ways, from phishing to malware attacks to data breaches. The consequences of exposure may be minor, such as in the case of leaking Netflix logins, or extremely serious - leaked banking credentials, for example.”

While there is no “silver bullet” to this problem, Callow says that people can limit the likelihood of their accounts being compromised by using strong passwords, “never reusing passwords using an antivirus solution, keeping their operating system current with patches and, most importantly, using two- or multi-factor authentication on all services which support it.”

Research by cybersecurity firm, Cyble Research Team, revealed that on May 29, data for more than 80,000 credit cards were put up for sale on the dark web. The data from these cards appears to have been gathered from various countries around the world.

Cointelegraph also reported that a hacker gang known as “Keeper” established an interconnected network to steal credit card data from over 570 e-commerce sites. Since 2017, they have profited around $7 million in crypto by selling card information through the dark web.

Tags
Related Posts
A Hacker is Attempting to Sell a Las Vegas Hotel Database for Crypto
The MGM Resort suffered a massive data breach in 2019 that left 142 million hotel guests exposed. A hacker is now selling the stolen database for roughly $2,900. According to the information revealed by ZDNet, a dark web marketplace claims that data from 142,479,937 MGM hotel guests are on sale. Preferred payment is denominated in Bitcoin (BTC) and Monero (XMR). MGM Resorts confirmed the data breach, stating that they’re aware of the scope of this previously reported incident from 2019. No financial data was leaked However, according to the research, the cybercriminal did not leak any sensitive data from the …
Technology / July 14, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020
Celebrities May Have Their Dirty Secrets Exposed if Crypto Ransom Is Unpaid
The REvil ransomware gang says that they will auction over 1TB of data stolen from New York-based entertainment law firm, Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities. REvil claims that the contents involve sex scandals, drugs, and treachery. Nicki Minaj, LeBron James, and Mariah Carey among the alleged victims In a blog post, the ransomware group says they will begin the auction on July 1, noting that the first round will contain information from Nicki Minaj, Mariah Carey, and LeBron James. The price for each dataset is $600,000. Two days …
Technology / June 24, 2020
Garmin Could Face Sanctions if $10M Ransom is Paid
Garmin, a multinational tech company, has been operating at less than full capacity following a ransomware attack launched by the Russian cybergang, Evil Corp. Garmin is being extorted for a $10 million ransom, to be paid in cryptocurrency. According to a report published by Bleeping Computer, an unidentified Garmin employee confirmed that the WastedLocker ransomware took down the company’s customer support services, navigation solutions, and other aspects of the U.S.-based firm. The leader of the cybercriminal group is a Russian individual named Maksim Yakubets. A known criminal, Yakubets was indicted by the U.S. Department of Justice in 2019. He was …
Technology / July 27, 2020
Major Argentine Telecom Falls Victim to $7.5M Monero Ransomware Attack
Telecom, Argentina's largest telecommunications company, has fallen victim to a ransomware attack. Hackers are demanding $7.5 million in Monero (XMR) — an amount that will rise to $15 million if the company does not pay within 48 hours. Argentina's major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR pic.twitter.com/AGNvAXh1cg — Alex Krüger (@krugermacro) July 19, 2020 According to El Tribuno, the ransomware attack, which specifically affected Telecom’s call center, took place on July 18. The ransomware was ultimately contained by the Argentinian conglomerate’s IT workers. In a statement issued to local media …
Technology / July 20, 2020