⁍ Hackers are circulating at least 15 billion stolen login credentials on dark web forums, according to a new audit from cybersecurity firm Digital Shadows.

---

⁍ The practice of sharing stolen logins is nothing new, but the new audit presents a clearer picture of the scope of the problem.

---

⁍ Accounts seen as especially valuable, like domain administrators for a small business or local government, are typically auctioned off on the dark web.

---

– “Account takeover has never been easier (or cheaper) for cybercriminals,” the authors of a new report from cybersecurity firm Digital Shadows write. “Attackers will find brute force hacking and credential-stuffing a virtual cakewalk.” That’s because at least 15 billion stolen login credentials are up for sale on the so-called “dark web,” the New York Times reports. According to the report, Digital Shadows identified 15 billion username-password pairs stemming from more than 100,000 data breaches. Approximately 5 billion of those are unique. Some logins are more valuable than others—while hackers share some passwords free of charge, logins for banks and other financial accounts sell for $70 per credential. logins for antivirus programs are priced the second-highest at $22 on average, while logins for video game platforms average just a few dollars per credential. According to the report, stolen logins can be used to steal money or commit bank fraud, while hacked financial accounts can enable hackers to “move laterally” inside an organization by impersonating someone in order to gain their colleagues’ trust and trick them into handing over even more information. The report recommends people use password managers, enable two-factor authentication as much as possible, and change their passwords frequently in order to avoid stolen credential attacks.