Credentials for sale
15 billion. Two for every person on the planet. That's the number of stolen credentials being traded on illicit marketplaces, and five billion of them are unique. Digital Shadows says it cost just $15.43 to buy the details of an average account, with many offered for nothing. At the top end, credentials for Active Directory domain administrator accounts were advertised for prices ranging from $500 to $95,000. Digital Shadow's findings are based on 18 months spent analysing criminal forums. Their conclusion; the number of stolen usernames and passwords in circulation has increased by 300% since 2018. They also estimate that, on average, we have around 191 services requiring a password, so (as we've said many times) the only practical solution is to use a password manager. Incidentally, Motherboard has revealed that US government agencies are among those buying stolen data. The aim is to help track down criminals. The by-product is information about billions of innocent computer users.