Criminals auction off stolen domain admin credentials for up to £95k. Your bank account details? Barely get £50
2020-07-08 17:26

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces.

Rick Holland, CISO and strategy veep of Digital Shadows, mused: "The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them...." "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

"Many account details are offered free of charge but of those on sale the average account trades for £12.18. Unsurprisingly, bank and financial accounts are the most expensive, averaging at £56, however they trade for upwards of £395, depending on the 'quality' of the account," Digital Shadows said.

The infoseccers also found "dozens" of ads for Active Directory domain admin accounts, which it said were being auctioned off "with prices ranging from £395 to £95,000".

Targeted surveillance picks up the mark's "fingerprint data," including cookies, IP addresses, and time zones, which allows the account to be taken over by the baddies.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/08/digital_shadows_report_stolen_credentials/