High-value financial accounts on sale for £400 on the dark web

Research finds more than 15 billion account credentials are being traded online, for £12 on average

Sensitive financial account credentials, valued highly by cyber criminals, make up approximately a quarter of the 15 billion username and password combinations advertised online since 2018.

Highly lucrative and in-demand financial account username and password combinations are being traded for an average of £56 online, including over the dark web, against the average price of £12.18 for account credentials.

For supposedly high-quality individuals, bank and financial accounts can trade upwards of £395, according to research by Digital Shadows.

The number of stolen account credentials represents a 300% surge since 2018, with the 15 billion figure arising from 100,000 breaches. More than five billion of the account details are ‘unique’, meaning they have not been advertising on more than one criminal forum.

“The sheer number of credentials available is staggering and in just over the past 1.5 years, we’ve identified and alerted our customers to some 27 million credentials – which could directly affect them,” said Digital Shadows CISO and VP of strategy Rick Holland.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple – consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised.”

The majority of compromised accounts belong to consumers, including usernames and passwords from several services ranging from video and music streaming sites to bank accounts. The latter accounted for 25% of all account credentials advertised.

While financial accounts are the most expensive, some accounts are being sold for less than £1.50, such as file-sharing or video games accounts. Streaming accounts were the second most popular, comprising 13% of those advertised, followed by 12% being VPN accounts. 

US-based accounts were the most frequently advertised, followed by Canadian, Australian, UK and German accounts. 

The reason that financial or bank accounts are so expensive, of course, is because when they’re compromised, cyber criminals would have access to their funds, plus any sensitive personal information tied to that account. 

The price, however, is influenced by several factors, including how much personal information can also be gleaned, while many high-priced accounts also serve as “drop” accounts that can be used in money laundering schemes.

Account takeover has never been easier or cheaper for cyber criminals than it is now, according to Digital Shadows, with a myriad of brute force tools and account checkers available on criminal marketplaces. Alarmingly, these are available for an average of £3.16 and can be deployed without much technical expertise.

Although multi-factor authentication (MFA) can serve as a barrier to hackers, there is evidence that methods to bypass this additional security step are often discussed on forums. 

Digital Shadows found evidence in December 2019, for example, that hackers were developing and selling a method to bypass MFA systems. One mechanism being developed was claimed to allow seven to nine out of ten accounts to be accessed without requiring SMS verification and was valued at approximately £4000.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now


New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021