In fact, by scouring various forums on the Dark Web, you can find more than fifteen billion credentials for sale, and more than five billion of them are unique.
Typically, hackers sell login credentials by company, but some larger collections are aggregated by industry. Of those, user accounts and passwords from non-financial service companies including VPN, the adult industry, the video game industry, and social media tend to be the least expensive. They tend to be sold for less than twenty dollars. Contrast that with user accounts and passwords from the financial services sector average about $70 each.
The real money though, is in accounts where a hacker can confirm a bank balance for an online bank account. In those instances, depending on the confirmed balance, the credentials can go for $500 or even more.
The most expensive login credentials on the web are those with confirmed domain admin access. These are not sold at a fixed price, but rather, auctioned to the highest bidder. They average more than $3,000 per account, but in one instance, sold for a staggering $120,000.
The bottom line here is simply this: Your information is valuable, and there’s a largely invisible market for your login information. Guard it closely and make sure your passwords aren’t easily guessed. When a company you do business with is hacked, don’t take any chances. Change your password immediately. Don’t become a statistic.