How Stolen Credentials Are Sold On The Dark Web

How Stolen Credentials Are Sold On The Dark Web
Rate our article

The dark web/ darknet is a very well-known and hidden section of the internet that is accessible only through specialized software, a fully functional market marketplace for stolen credentials creates a significant threat to cyber security for the normal user. 

Millions of personal records and sensitive data are stolen and sold on the darknet each year. For instance, in 2019, a seller was offering over 617 million account details stolen from 16 hacked websites for less than $20,000 total. The darknet offers its users a form of anonymity, creating a perfect place for various illegal activities, including the trade and sale of stolen digital identities.

Profile Types of Stolen Credentials

The stolen data sold on the darknet can range from different types and values. Simple username and password combinations may go for lower prices, but more important data, which is known as “Fullz”, will include the full profiles of an individual’s identity, which, as we all know, are very valuable to us and even more valuable to the buyers. 

Types of Sellable Data:

  1. Username and Password Combinations:
    • Used to gain unauthorized access to various online accounts, including email, social media, and online banking.
  2. Fullz (Comprehensive Personal Profiles):
    • Contains a person’s name, date of birth, Social Security number, credit card numbers, and physical addresses.
    • Enables identity theft, fraudulent credit applications, and other financial crimes.
  3. Email Addresses:
    • Used for phishing attacks, spamming, and as a point of contact for further exploitation.
  4. Social Security Numbers (SSNs):
    • Facilitate identity theft, fraudulent tax filings, and opening lines of credit in the victim’s name.
  5. Bank Account Information:
    • Allows unauthorized access to bank accounts for withdrawal of funds or fraudulent transactions.
  6. Credit Card Numbers:
    • Used for making unauthorized purchases online or creating counterfeit cards for in-person transactions.
  7. Personal Identification Numbers (PINs):
    • Used in conjunction with stolen credit or debit card information to withdraw cash from ATMs or make unauthorized transactions.
  8. Medical Records:
    • Can be used for medical identity theft, fraudulent insurance claims, or obtaining prescription medications.
  9. Employee Credentials (e.g., Employee ID, Passwords):
    • Exploited to gain unauthorized access to corporate networks, sensitive information, or to conduct insider attacks.
  10. Government IDs (e.g., Driver’s License, Passport):
    • Used for identity theft, fraudulently obtaining government benefits, or as proof of identity for criminal activities.

These Fullz normally have a person’s name, date of birth, social security numbers, and sometimes even other information like credit card numbers and physical addresses, making them highly sought after for more intense criminal activities such as identity theft and financial fraud.

Darknet Market and How It Works

When cybercriminals successfully steal a user’s credentials through a variety of ways like phishing, malware attacks, data breaches, or man-in-the-middle attacks, they take the user’s stolen credentials and turn them into items for sale on what is known as the darknet market. Here’s a simple breakdown of how this process works:

  • Acquisition of Credentials: Cybercriminals use different methods to steal personal information. This can be from tricking someone into giving away their password through a fake login page (phishing) to installing dangerous software on a person’s computer to capture the user’s keystrokes (malware).
  • Entering the Darknet: The stolen information is then brought to the darknet, a hidden part of the internet that is not accessible through normal search engines or browsers like Google or Yahoo. Special tools and software are required to access the dark web or darknet, which is why it is still a preferred way to do these illegal activities. That being said, using it is not illegal, it’s what you do on the websites that could be illigal.
  • Listing on Marketplaces: On the darknet, there are specific websites that operate like underground e-commerce stores, which are also known as marketplaces. This is where stolen credentials are listed just like products would be on a normal online shopping website. These credentials can include simple items like email addresses and passwords or more important personal details like Social Security numbers and bank account information.
  • Transaction Process: Buyers interested in purchasing stolen credentials can browse these darknet marketplaces which is very similar to shopping online. They look for the types of credentials they need and then go ahead to purchase them mostly using cryptocurrencies, which adds to the safety of the buyers.
  • Use of Stolen Credentials: After purchasing these credentials the buyer can use it for a variety of different illegal activities such as getting access to someone’s bank account, opening fraudulent credit lines, or even getting away with identity theft.

Understanding this process just shows how important good cybersecurity measures are to prevent your personal information from being stolen and sold on these darknet marketplaces. But if your OpSec is in place, you pretty much don’t need to worry.

What Makes Your Info Valuable

The value of stolen credentials on the darknet can be  influenced by a few different factors:

  • Data Type: More important and sensitive information asks for a higher price.
  • Demand: The demand for a specific type of data, or “product”, can also drive up the prices.
  • Freshness: Credentials that have been recently stolen are seen as much more valuable because they are less likely to have been cancelled or changed by the victim.
  • Completeness: Data sets that provide a more “full packaged” profile of an identity are more expensive and sought after.

This makes your Data valuable, and its value fluctuates according to various reasons, but as an example, comprehensive personal profiles can sell for anywhere from $30 to $1000 per record. Credit card details are usually sold on fraud shops in batches. The prices range from a few dollars to $100 per card, depending on factors such as the card’s credit limit, expiration date, and whether it comes with additional information like the cardholder’s address. Stolen bank account credentials can range from $100 to $500 per account, medical records can range from $20 to $1000 per record, and stolen employee credentials.

Perhaps the most popular breaches take place in healthcare data. In 2020 alone, Protected Health Information (PHI) breaches affected over 26 million people in the U.S. The average cost of a healthcare breach is about $7.13 million, the highest of any industry. These details bring insurance fraud opportunities, targeted attacks on individuals, and significant breaches of privacy.

The Darknet Is the Ideal Marketplace

The build of the darknet marketplaces was designed to look a lot like legitimate e-commerce websites, with all the normal features like vendor ratings, product descriptions, and customer feedback. 

The marketplace also allows for transactions but also has its challenges for law enforcement agencies trying to track and break down these networks. The secrecy provided by the darknet makes the efforts to track down both buyers and sellers involved in the illegal credential trade much more difficult for law enforcement agencies.

Darknet Monitoring Helps, But Prevention Is Key

While the sale of stolen people’s personal information is a scary reality, efforts to fight against these activities are still happening to this day. There are dark web monitoring services that play an important role in finding when stolen data appears on these markets, which allow individuals and organizations to react quickly to potential threats. Implementing strong cybersecurity, such as using two-factor authentication and making sure one has strong password policies, which can help lower the risk of personal information theft.

As cybercrime continues to grow with the times, understanding the different ways how stolen credentials are sold on the darknet is so important for both individuals and organizations aiming to protect their digital assets.