At this moment, there is more than 15bn certificate on the Internet according to new research from Digital Shadows.

The firm's new study, titled"From Exposure to Takeover", found that the number of stolen certificate currently available for purchase is equal to more than two for every individual on the planet. The number of credentials that were exposed and stolen has increased by 300 per cent since 2018 as a result of more than 100,000 distinct breaches.

Of the 15bn stolen certificate, the analysis of Digital Shadow found, more than 5bn of these were assessed to be’unique’ since they have not been advertised on forums. The study also found that the majority of vulnerable credentials belong to consumers and contain usernames and passwords to streaming solutions for music and video out of bank accounts.

Even though many account details are offered for free on the Dark Internet, the average price of those on sale is $15.43. Bank and financial accounts will be the most expensive, however, averaging at $70.91 but some exchange for over $500 depending on the calibre of the report.

Account takeover-as-a-service

Digital Shadows has alerted clients to 27.3m username and password combinations in the last 18 months. But, account takeover has never been easier or cheaper to do for cybercriminals. That is because a variety of accounts checkers and brute force tools are available on Internet marketplaces for an average.

Digital Shadows observed account takeover-as-a-service's growth while conducting its study. Rather than purchasing credentials, cybercriminals can rent an identity for a given time for less than $10 on websites like the Genesis Market. These services collect fingerprint data as making it considerably easier to perform account takeovers and transactions that go unnoticed.

Rick Holland provided additional insight about the rise in account takeovers, stating in a media release announcing the news, VP and CISO of Strategy in Digital Shadows:

"The infinite variety of credentials available is shocking, and in just within the past 1.5 years, we have identified and alerted our clients to 27 million credentials — that could directly influence them. A number of these exposed accounts can possess (or have access to) amazingly sensitive details. Details might be re-used to compromise accounts utilized everywhere. The message is simple — consumers should use different passwords for each account and organizations should remain in front of the criminals by tracking where the particulars of their workers and clients may be endangered."