It seems that a few months cannot pass without some company or another reporting that login data has been stolen from their care. Those details, which comprise email addresses, usernames and passwords, among other personally-identifying info, have to end up somewhere. And that somewhere is the dark web, where they’re being sold.
And the number of login details up for sale is not insubstantial. Cybersecurity firm Digital Shadows says that, according to the company’s research, there are more than 15 billion logins for sale, the product of more than 100,000 data breaches. Of these, some five billion are unique. But they’ve all got one thing in common – they have value.
Your mileage may vary
Usually. Some accounts, such as those belonging to company system administrators or government logins, can fetch a far larger sum. They’re typically sold at auction, fetching anywhere from $3,150 to $140,000. We’d imagine they’re being used to commit crimes of one sort or another – there’s probably not much of a market for valuable login collections. Besides, how would you display them?
Would you like to know more?
Setting up 2FA (two-factor authentication), practicing basic data security like using a password manager instead of the same password for every… bloody… account… and changing your passwords when a breach occurs goes a long way. And if you’re the subject of a suspicious email from inside your company from someone asking for information they should already have, perhaps… pick up the phone and check with them before replying with the logins to the server? Maybe?
Source: Business Insider