High-value financial accounts on sale for £400 on the dark web

Research finds more than 15 billion account credentials are being traded online, for £12 on average

Sensitive financial account credentials, valued highly by cyber criminals, make up approximately a quarter of the 15 billion username and password combinations advertised online since 2018.

Highly lucrative and in-demand financial account username and password combinations are being traded for an average of £56 online, including over the dark web, against the average price of £12.18 for account credentials.

For supposedly high-quality individuals, bank and financial accounts can trade upwards of £395, according to research by Digital Shadows.

The number of stolen account credentials represents a 300% surge since 2018, with the 15 billion figure arising from 100,000 breaches. More than five billion of the account details are ‘unique’, meaning they have not been advertising on more than one criminal forum.

“The sheer number of credentials available is staggering and in just over the past 1.5 years, we’ve identified and alerted our customers to some 27 million credentials – which could directly affect them,” said Digital Shadows CISO and VP of strategy Rick Holland.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple – consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised.”

The majority of compromised accounts belong to consumers, including usernames and passwords from several services ranging from video and music streaming sites to bank accounts. The latter accounted for 25% of all account credentials advertised.

While financial accounts are the most expensive, some accounts are being sold for less than £1.50, such as file-sharing or video games accounts. Streaming accounts were the second most popular, comprising 13% of those advertised, followed by 12% being VPN accounts. 

US-based accounts were the most frequently advertised, followed by Canadian, Australian, UK and German accounts. 

The reason that financial or bank accounts are so expensive, of course, is because when they’re compromised, cyber criminals would have access to their funds, plus any sensitive personal information tied to that account. 

The price, however, is influenced by several factors, including how much personal information can also be gleaned, while many high-priced accounts also serve as “drop” accounts that can be used in money laundering schemes.

Account takeover has never been easier or cheaper for cyber criminals than it is now, according to Digital Shadows, with a myriad of brute force tools and account checkers available on criminal marketplaces. Alarmingly, these are available for an average of £3.16 and can be deployed without much technical expertise.

Although multi-factor authentication (MFA) can serve as a barrier to hackers, there is evidence that methods to bypass this additional security step are often discussed on forums. 

Digital Shadows found evidence in December 2019, for example, that hackers were developing and selling a method to bypass MFA systems. One mechanism being developed was claimed to allow seven to nine out of ten accounts to be accessed without requiring SMS verification and was valued at approximately £4000.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021