According to Digital Shadows cybersecurity researchers, more than 15 billion pieces of account information, including bank accounts and network administrator accounts, are “off the shelf” on the dark web, and some of the information is even available for free.
Many accounts have been shared multiple times, indicating that users do not know that their accounts have been attacked. Even if there is duplication of information, there are more than 5 billion “independent” accounts that “sell for the price” on the dark web.
Digital Shadows said that the highest price is the system administrator account information, which can reach a maximum of 120,000 US dollars, the average selling price of such account information is 3139 US dollars. However, criminals who obtain such account information usually have a “lion’s mouth” to the attacked organization, so they think such a price is “value for money”.
Among consumer account information, bank account information has the highest price, with an average of 70.91 US dollars (about 500 yuan). Using this type of information, criminals can usually steal money from users’ bank accounts, and even apply for credit cards and loans.
Surprisingly, the second-highest-priced consumer account information is an anti-virus software account, with an average price of $21.67-much lower than the normal annual fee for anti-virus software.
Streaming services, VPNs, file sharing, and social media account information all cost less than $10.
The researchers said that the reason for the large amount of account information on the dark web is that people use low-strength passwords, which are easily cracked by brute force tools.
One way consumers and organizations can increase the difficulty of attacking online accounts is to set a unique password for each service.
Users should also use multi-factor authentication security technology. Once the password is cracked, the system will remind the user.