High-value financial accounts on sale for £400 on the dark web

Research finds more than 15 billion account credentials are being traded online, for £12 on average

Sensitive financial account credentials, valued highly by cyber criminals, make up approximately a quarter of the 15 billion username and password combinations advertised online since 2018.

Highly lucrative and in-demand financial account username and password combinations are being traded for an average of £56 online, including over the dark web, against the average price of £12.18 for account credentials.

For supposedly high-quality individuals, bank and financial accounts can trade upwards of £395, according to research by Digital Shadows.

The number of stolen account credentials represents a 300% surge since 2018, with the 15 billion figure arising from 100,000 breaches. More than five billion of the account details are ‘unique’, meaning they have not been advertising on more than one criminal forum.

“The sheer number of credentials available is staggering and in just over the past 1.5 years, we’ve identified and alerted our customers to some 27 million credentials – which could directly affect them,” said Digital Shadows CISO and VP of strategy Rick Holland.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple – consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised.”

The majority of compromised accounts belong to consumers, including usernames and passwords from several services ranging from video and music streaming sites to bank accounts. The latter accounted for 25% of all account credentials advertised.

While financial accounts are the most expensive, some accounts are being sold for less than £1.50, such as file-sharing or video games accounts. Streaming accounts were the second most popular, comprising 13% of those advertised, followed by 12% being VPN accounts. 

US-based accounts were the most frequently advertised, followed by Canadian, Australian, UK and German accounts. 

The reason that financial or bank accounts are so expensive, of course, is because when they’re compromised, cyber criminals would have access to their funds, plus any sensitive personal information tied to that account. 

The price, however, is influenced by several factors, including how much personal information can also be gleaned, while many high-priced accounts also serve as “drop” accounts that can be used in money laundering schemes.

Account takeover has never been easier or cheaper for cyber criminals than it is now, according to Digital Shadows, with a myriad of brute force tools and account checkers available on criminal marketplaces. Alarmingly, these are available for an average of £3.16 and can be deployed without much technical expertise.

Although multi-factor authentication (MFA) can serve as a barrier to hackers, there is evidence that methods to bypass this additional security step are often discussed on forums. 

Digital Shadows found evidence in December 2019, for example, that hackers were developing and selling a method to bypass MFA systems. One mechanism being developed was claimed to allow seven to nine out of ten accounts to be accessed without requiring SMS verification and was valued at approximately £4000.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

Why you should prioritise privileged access management
Sponsored

Why you should prioritise privileged access management

9 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020