Here’s how much your login credentials are worth on the dark web


Written by:


If you think there’s only a slim chance that fraudsters might steal your login credentials and use them for financial fraudidentity theft and other criminal activities, it’s time for a wake-up call.


More than 15 billion login credentials are for sale on any given day on the dark web and other underground markets that sell tools and information for fraud and identity theft, according to “Why Your Social Security Number Isn’t as Important as Your Log-In Credentials,” a report from the Identity Theft Resource Center (ITRC).


Stolen login credentials can also be the cause of corporate and small business data breaches and cyberattacks.

In fact, in 2021, one stolen password that wasn’t protected by multifactor authentication (such as a code sent that must be entered to access the account) allowed hackers to launch a cyberattack against Colonial Pipeline that shut down deliveries from Gulf Coast refineries to major markets on the East Coast, according to Reuters.


“Identity thieves want login credentials,” says the report. “They make more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information.”

What are the going rates for login credentials?

Depending on the type of account login, high-value credentials sell on the dark web for as much as $500 to $140,000 each, according to “From Exposure to Takeover,” a report from digital risk security provider Digital Shadows.

Here’s a rundown of the prices for stolen login credentials, according to Digital Shadows :

  • Email administrator: $500 to $140,000
  • Bank and financial accounts: $70
  • Antivirus programs: $21
  • Video and music streaming services: $15
  • Social media accounts: $10 or less

“Most credentials belong to consumers, and cybercriminals give away many for free,” according to the Digital Shadows report.

Ways that criminals steal login information

In addition to data breaches, your login credentials could be stolen in a number of ways, according to cybersecurity software company SentinalOne, including:

Credential stuffing

Hackers test databases and lists of stolen login credentials against multiple accounts to find a match.

Phishing emails and texts

Criminals pose as legitimate businesses to trick users into supplying their login credentials.

Password spraying

Hackers use a list of commonly used and easy-to-crack passwords such as 123456, password 123, batman, letmein and others against a user account name.


Malware keyloggers record your every keystroke to obtain login credentials for bank accounts, credit cards, digital wallets and other secure online forms.

Local discovery

Someone else sees a password you wrote down in a notebook, on a scrap of paper or elsewhere and uses it to access an account or multiple accounts.

How to protect your login credentials

Taking the following steps can help protect your login credentials against being stolen:

  • Use multifactor (code sent to phone, fingerprint, facial recognition, etc.) on all accounts.
  • Use only secure networks — avoid using public Wi-Fi, for example — and a virtual private network (VPN) to keep hackers, identity thieves and spammers from seeing your online activity.
  • Stay on top of all software updates.
  • Use at least a 12-character password on all accounts so they’re harder for hackers to crack.
  • Never click on links in phishing emails or text messages.

This article originally appeared on and was syndicated by

More from MediaFeed:

50 ways to avoid hackers over the holidays


The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster.

According to Adobe Analytics’ recent holiday forecast, online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

This prolonged season of online shopping (and stress) will provide ample opportunity for phishers, smishers, vishers and identity thieves to pilfer your valuable personal and/or payment information. So, whether you plan to shop on the web or a brick and mortar store, extra vigilance is warranted. Here are 50 ways to avoid getting scammed during the holidays — and beyond.


AntonioGuillem / istockphoto


Credit cards offer markedly better fraud protections than debit cards, which connect directly to your bank account. Many credit cards also offer ancillary protections, like purchase protection, price protection and extended warranties.


Farknot_Architect / istockphoto


Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Virtual credit cards similarly allow online shoppers to mask their financial accounts.


No matter your payment of choice, check bank and credit card statements daily for suspicious or erroneous charges.


artisteer / istockphoto


Many financial institutions offer free transaction alerts that notify you when charges hit your account. These alerts can help you quickly spot fraud.


If you notice something that shouldn’t be on your bank or credit card statement, call your bank, credit union or credit card company immediately to dispute it. Immediately cancel all compromised cards and request replacements.




Never provide your payment information to anyone who calls you. Instead, hang up and contact the company directly to handle all transactions.


Be similarly wary of turning over your address, phone number or, worse, Social Security number, to unsolicited callers. (It’s worth noting that there’s no reason a legitimate retailer would need that last one — the skeleton key to your identity — to process a purchase.)




Make sure your smartphone, tablet and laptop are password-protected, particularly if you’re in the habit of carrying them around wherever you go.


Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. (Think of Google Chrome blocking you from visiting a suspicious website.) Make sure you have the latest version to protect yourself against new or emerging threats.


Protect yourself from malware by purchasing, updating, and upgrading antivirus software. Malware is malicious software designed to harm devices or glean data to commit identity-related crimes.


Stick to shopping when connected to your private Wi-Fi network as public Wi-Fi is a hotbed for criminal activity any time of year.


If you have to connect to the internet using a public network, do so with a virtual private network. VPNs encrypt data, making it much harder to intercept when transmitted through a shared or suspect internet connection.




Keep purchases concentrated to a one-to-two week window, if possible. Shop at reputable and recognizable retailers.


If you’re shopping at a retailer that is new to you, research the company’s standing on the Better Business Bureau website. You can also check a site’s status via Google’s Transparency Report tool.


Scammers aren’t exactly known for their five-star ratings. If a purported company has a bevy of bad reviews — or no reviews at all — consider that a cue to take your business elsewhere.


Minimize the odds of getting price-gouged by legitimate and illegitimate retailers alike by comparison-shopping across trusted websites before making a purchase.


While shopping, check that a website url starts with “HTTPS” (vs. HTTP). This designation signifies that the site has a Secure Sockets Layer (SSL) certificate. SSLs ensure all data is encrypted.


A green or gray padlock icon in your browser’s address bar also indicates that information, like credit card numbers, is encrypted when transmitted.


Typos are a surefire sign of fraud. Check urls for slight modifications to a popular retailer’s name. (Think “” or “”.) You can hover your mouse over links in emails to see full urls without having to click on them.


A strong password contains a random collection of uppercase and lowercase letters, numbers and symbols or a series of disassociated words, numbers and characters.


filistimlyanin / istockphoto


Never use duplicate usernames or passwords across any of your online accounts to limit your exposure in case of a data breach.




Conduct a password audit before you start your holiday shopping — and after, to decrease the odds of getting hacked after the holiday season is over.


Credit: Tero Vesalainen / istockphoto


Most online accounts allow users to enable two-factor authentication, or 2FA, which requires someone to login in with a password and a secondary credential, like a one-time code sent to a cell phone. Consider 2FA the equivalent of a lock on your front door: It won’t guarantee protection for your possessions, but it will provide a fair amount of security with minimal effort.


Online auto-pay options or auto-fill settings are certainly convenient — but they’re also risky, leaving your credit or debit card information vulnerable to thieves if they compromise whatever protections you have in place.


This fine print can provide valuable information regarding the data a site collects, how it’s protected, how they use it and who else has access to it.




Malvertising occurs when criminals hide malicious code in ads on legitimate websites. Common schemes include pop-ups advertising free goods or services in exchange for filling out a survey or warnings that your device has been infected.


You can minimize exposure to malvertising by using an ad blocker, disabling Flash and Java and keeping all software systems updated.


Alina Rosanova / istockphoto


If you walk into a store, keep your purse and/or wallet close. Never leave it in your shopping cart, car or even a back pocket.


TongTa // istockphoto


Be equally vigilant about traveling light: Carry one card for charging your holiday purchases. Leave cash, your checkbook and your Social Security card at home (in a secure location, of course).


Thieves are known to install skimmers, devices intended to pilfer payment information and PIN codes, wherever and whenever possible. To mitigate risk, avoid non-bank ATMs, particularly if they’re outside or in areas with little foot traffic, and scan all machines for signs of tampering.


Memorize your PIN number instead of writing it down on your card or keeping it in your wallet. Never let a store clerk enter your PIN code for you. Do it yourself. Place a sticker over your credit card’s CVV code, that tiny three-digit number on the back of your card at the end of the signature box.


Deposit Photos


Compare the totals to the charges that appear on your credit card statements.


industryview / istockphoto


Criminals often steal account codes from gift cards that are easily accessible, so look for signs of tampering before purchasing one. It’s advisable to purchase gift cards close to Christmas and encourage recipients to use them right away.




There’s a chance the unsolicited offer in your inbox is a “phishing” scheme. “Phishing” occurs when a scammer poses as a legitimate company or website in an attempt to get their targets to click on a link that prompts them to enter personal information or downloads malware onto their devices.


Retailers will never send an unexpected attachment. If you receive an email from a seemingly legitimate retailer that contains an attachment, close the email and call the retailer directly.


Phishing schemes don’t only travel by way of email. Avoid clicking on links in unsolicited texts, especially if the deal they’re touting seems too good to be true.


In one of the tried-and-true scams of Christmas, fraudsters phish by sending their targets texts or emails about “delivery issues” or false-shipping notifications. Contact the sender directly if you get one of these communications.


Avoid delivery issue scams by tracking your shipments via confirmation emails or password-protected online accounts.


Dissuade porch pirates from stealing deliveries by installing a security camera or smart doorbell.




Security cameras are a deterrent, but not a failsafe. Thwart thieves by having items shipped to a nearby store that offers contactless curb-side pickup. You can also have packages held at your local post office or, for example, stored in an Amazon Hub Locker.




Steer clear of freebies, discount codes, e-vouchers and sweepstakes making the rounds on social media. They’re often designed to harvest valuable personal information.


Back in 2016, hundreds of fake retailer apps flooded Apple’s App Store just in time for the holiday shopping season. The apps were ultimately removed, but scammers are still known to slip into the App Store or Google’s Play Store from time to time. You can avoid downloading a counterfeit app by checking the developer’s or company’s name for misspellings or typos, reading reviews and accessing the app via the company’s official website.


They are a scammers’ modus operandi. Be equally dubious of any sellers or resellers asking you to pay via a gift card.


BrianAJackson / Getty


Scammers will tug at your heartstrings via charity scams at all times of the year, so pause before giving. Instead, visit the organization’s website by manually typing in its URL or using search to find the link. You can also use Charity Navigator to confirm an organization’s authenticity.


LemonTreeImages / istockphoto


It bears emphasizing: You can skirt most online shopping scams by ignoring unsolicited links and verifying any deals, steals and promotions directly with the retailer.


Choreograph / istockphoto


Identity thieves make a living piecing together profiles or figuring out passwords by looking at photos, geolocational data or other seemingly innocuous information shared via social media platforms.


Online wish lists are designed to let your friends and family know what you want for Christmas, but they also provide scammers with an aggregate of your interests. Resist the urge to create one — or, if you must, adjust your privacy settings so that only particular people can see it.




A best practice any time of the year, never discard full bank or credit card statements in the trash. Identity thieves go through garbage in the hopes of obtaining payment or personal information.


PhotoBlink / istockphoto


Unfamiliar accounts on your credit report could be a sign of identity theft. You’re entitled to a free credit report from each major credit reporting agency every twelve months — and due to the COVID-19 pandemic, the bureaus are offering free weekly online reports through April 2021. You can request these reports from




Spread awareness by reporting any scams you encounter to the Federal Trade Commission. If you fall victim to fraud, file a police report and register a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).

Identity-related crime doesn’t have to ruin your holidays or your life. Many insurance companies, financial services organizations and employers offer cyber and identity protection products and services as a perk of your relationship either for free or at a deep discount.

Before you have a problem, it’s a good idea to contact your insurance agent, bank or credit card rep or the HR Department where you work to find out if they offer it, if you are already enrolled and if not, what you need to take advantage of it.

This article originally appeared on and was syndicated by


ismagilov / istockphoto


Featured Image Credit: tsingha25/iStock.