There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.
Researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts to music and video streaming services.
The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.
Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.
“The sheer number of credentials available is staggering,” said Rick Holland, CISO at Digital Shadows.
“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”
Mr Holland said that his firm had alerted its customers to around 27 million credentials over the past one-and-a-half years that could directly affect them.
1/6 Guns on the dark web
Guns for sale on a dark web market place, August 2018
Screenshot
2/6 Dream Market vendor guidelines
Some popular market places on the dark web still abide by a set of standards, despite selling illegal goods and services
Screenshot
3/6 'Mystery box' for sale on the dark web
A 'mystery box' for sale on the dark web, August 2018. Scam listings for the boxes first began appearing on the dark web after fake videos of people opening them trended on YouTube
Screenshot
4/6 Religious texts on the dark web
Religious and banned texts can be found on the dark web, allowing people to bypass censors in countries that suppress free speech
Screenshot
5/6 Seeking help and advice on the dark web
The Hidden Guru site on the dark web, offering 'knowledge from beyond', August 2018
Screenshot
6/6 Hidden Guru
Waiting for a response from the dark web's Hidden Guru, August 2018
Screenshot
The number of stolen credentials has risen by more than 300 per cent since 2018, due to a surge in data breaches. An estimated 100,000 separate breaches have taken place over the last two years.
Among the credentials for sale were those that granted access to accounts within organisations, with usernames containing the word "invoice" or "invoices" among the most popular listings.
Digital Shadows said it was unable to confirm the validity of the data that the vendors purport to own without purchasing it. The researchers said that listings included those for large corporations and government organisations in multiple countries.
Security experts advise internet users to use individual passwords for each online service that they use, while also adopting measures like two-factor authentication where possible.
Online tools like HaveIBeenPwned can also indicate whether a person's email address has been compromised in a major data breach.

