5 Billion Unique Credentials Circulating on Darknet


According to the report released by security firm Digital Shadows, a total of 15 billion user credentials are circulating on the darknet forums. Among those, 5 billion are unique that do not have any repeated username and password pair. Cybercriminals are selling access to online bank accounts and domain administrator rights to corporate networks. 

A threat researcher at Digital Shadows, Kacey Clark says, “More often than not, credentials that are exposed are reposts or amalgamations of previously exposed credentials,” 

“Security teams that monitor for these types of issues, therefore, may well have already remediated the risk. Unique credentials, however, represent a higher risk and so are likely of greater concern for security teams.”

The cyber crimes are increasing and the number of stolen credentials advertising on the underground forums has increased by 300% since 2018. Extensive research of 18 months done by Digital Shadows shows that nearly 10,000 data breaches have taken place in two years in which credentials are compromised.  

Creator of the HaveIBeenPwned breach notification service, Troy Hunt tells Information Security Media Group,

“I’m not overly surprised by the numbers,” 

He added, “Anecdotally, I’ve noticed a lot more credential stuffing lists in circulation recently, and just like the [COVID-19] pandemic itself, they seem to be replicating at a fierce rate.”