Dark Web Alert — 2.9 Billion Passwords, 14 Million Credit Cards Stolen
Stolen credit cards and passwords published on dark web.
I recently reported how a total of 19 billion compromised passwords had been published online to criminal forums on the dark web and shady corners of the surface web. Perhaps unsurprisingly, those shocking numbers resonated with the public, and the story went viral. Here’s the bad news: the numbers are actually worse than initially thought. While 1.4 billion of the original stolen password count were found to be unique, the remainder being repeated common passwords, new research has now revealed that an incredible 2.9 unique compromised passwords are available for purchase or sharing on the dark web, along with an astonishing 14 million stolen credit cards. Here’s what you need to know.
Passwords For Sale Or Rent, Credit Cards For 50 cents
OK, so I’m taking liberties with the lyrics of Roger Miller’s sixties classic, King of the Road, in this sub-heading, but the sentiment is spot on. Threat actors want your passwords to facilitate everything from ransomware to spyware attacks. Recent reports have placed the number of passwords available to cybercriminals on the dark as being in the range of 1.7 billion to the aforementioned 19 billion, although when talking about unique passwords, that drops to 1.4 billion, which is in the same kind of ballpark. The latest threat intelligence analysis, however, suggests those numbers are low. Very low indeed.
The Bitsight TRACE Security Research team has suggested that the amount of breach data, including compromised passwords and credit cards, skyrocketed by 43% in 2024 compared to the previous year. The State of the Underground report, found that 20% of all data breach victims were accounted for by U.S. organizations. Which makes the fact that is also identified that there were 2.9 billion totally unique sets of compromised credentials, up from 2.2 billion stolen passwords in the 2023 report, available to threat actors on the dark web. When it comes to stolen credit cards, the numbers are smaller but just as concerning: 14.5 million listed on underground criminal forums, that’s up 20% on the previous year.
A surge in infostealer activity is partly responsible for the increased number of compromised passwords, Bitsight said. However, when it comes to the stolen credit cards, Bitsight confirmed that the rise was “exclusively due to a surge in US cards; the number of cards from the rest of the world declined by 1.6 million, but listings of US cards increased by 4.5 million, counting for 80.7% of all compromised card listings in 2024.”