Explore how stolen credentials end up on the dark web and what that means for individuals and organizations. These articles cover credential theft methods, underground marketplaces, and actionable steps to detect and respond when your login data appears in dark web dumps or breach databases.
posts
In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available
Your Employees' Passwords Are Probably Already for Sale In January 2024, researchers discovered a file called "Naz.API" circulating on dark web forums containing over 71 million unique email addresses paired with plaintext passwords — many harvested by credential-stealing malware. That's not a hypothetical. That'
In January 2023, Norton LifeLock disclosed that attackers used credential stuffing to compromise roughly 6,450 customer accounts. The passwords didn't come from a Norton breach. They came from stolen credentials dark web marketplaces had been selling for months — maybe years. The attackers simply bought username-password combos from
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
In May 2024, the FBI and international partners seized BreachForums — one of the largest marketplaces where stolen credentials on the dark web were bought and sold in bulk. The forum had facilitated the sale of billions of compromised records, including credentials tied to U.S. government agencies, healthcare organizations, and
In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If
