Explore how stolen credentials end up on the dark web and what that means for individuals and organizations. These articles cover credential theft methods, underground marketplaces, and actionable steps to detect and respond when your login data appears in dark web dumps or breach databases.
posts
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
In May 2024, the FBI and international partners seized BreachForums — one of the largest marketplaces where stolen credentials on the dark web were bought and sold in bulk. The forum had facilitated the sale of billions of compromised records, including credentials tied to U.S. government agencies, healthcare organizations, and
In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If
