COMMENTARY: The dark web continues to grow significantly in size and influence, increasingly becoming a hub for illicit activity. By 2022, an estimated 30,000 websites were active on the dark web, marking a 44% increase over the previous year. Daily traffic continues to surge, with approximately 2.5 million visitors as of 2023.
As we enter 2025, organizations must adopt a more vigilant and skeptical stance than ever before. Assume exposure. Assume the worst. An organization’s most valuable assets—intellectual property, customer data, and trade secrets—are likely already circulating in the depths of the dark web, putting the organization at risk of financial loss and reputational damage.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
With each passing year, more and more of our data shifts online. Naturally, as we conduct business, this data moves and disperses across various web servers, networks, applications, APIs, and systems. Unable to secure every last system the data touches, some of this information inevitably becomes exposed, often by a simple misconfiguration that leads to an easy hack. In short order, millions of dollars in IP exits the back door without notice.
Just ask the organizations hit by the MOVEit breach in 2023, where a single flaw exposed data from 77 million individuals and 2,600 organizations, including the U.S. Department of Energy. Or those affected by the National Public Data Breach this year, with 2.9 billion sensitive records leaked, impacting 270 million people. Or Ticketmaster, AT&T, LinkedIn—the list goes on.
Despite this overwhelming evidence, many remain either unaware of or indifferent to the threats posed by the dark web. Getting a clear picture of where the dark web data resides, how it works, and the costs to businesses, will dramatically change this.
Where: The marketplaces that support cybercrime
Dark web marketplaces serve as the hubs of this shadow economy, each catering to specific types of illicit goods and stolen information. Some of the most active include:
- Abacus Market: A newer platform, valued at $15 million, offering more than 40,000 listings, including drugs, counterfeit items, and cybercrime tools.
- Russian Market: Active since 2019, it specializes in personally identifiable information (PII), stolen credit cards, and compromised PayPal accounts.
- BriansClub: One of the most notorious platforms, it focuses on selling stolen credit card details and PII.
- FreshTools: With more than 800,000 products, it specializes in stolen accounts, spanning categories from banking to social media.
- Cypher Marketplace: Known for more than 12,000 listings, it deals in credit cards, fake documents, and narcotics.
These marketplaces are highly organized, offering search functionality, customer reviews, and even “customer service” to buyers. Dark web marketplaces are ephemeral and frequently disappear because of law enforcement action or exit scams, but when one shuts down a new one rises to take its place.
What: Access-as-a-Service
Not every budding cybercriminal has the technical skills to hack organizations or build-their-own malware. As a result, the dark web also hosts thriving “Malware-as-a-Service” and “Access-as-a-Service” economies, with some threat actors selling administrative credentials or other backdoors to corporate networks to aspiring thieves.
These premium accounts command a higher price than stolen credentials or payment card details and sometimes don’t even make it to the public marketplaces, instead being sold directly to trusted buyers in private transactions. While a single set of credentials to a social media site could sell for pennies on the dollar, administrative passwords to a global enterprise system could command thousands of dollars from the right buyer.
These transactions, conducted exclusively in cryptocurrencies such as Bitcoin, Litecoin, and Monero, ensure anonymity for buyers and sellers alike, making this underground economy both resilient and difficult to disrupt.
For a cybercriminal, each piece of stolen data represents a tiny investment with the potential to make massive returns—and cost the victims millions in damages.
The range of stolen data available on the dark web is staggering, often including:
- Leaked Credentials: Login details for personal and corporate accounts, sold in bulk. These let attackers breach networks, steal data, and escalate attacks.
- Privileged Access: Administrative accounts, VPN credentials, and access to sensitive networks are prized for their ability to compromise critical systems.
- Corporate Secrets: Trade secrets, customer databases, financial records, and internal communications are frequent targets, posing severe competitive and reputational risks.
- Exploit Kits and Malware: Ready-made tools, including ransomware-as-a-service, allow even low-skill attackers to launch sophisticated cyberattacks.
- Personally Identifiable Information (PII): Names, addresses, social security numbers, and other personal details are used for identity theft, fraud, and social engineering schemes.
- Financial Data: Credit card details, bank credentials, and cryptocurrency keys are sold for direct theft and fraud.
- Compromised Devices: Infected devices are sold to build botnets, launch DDoS attacks, or mine cryptocurrency.
Cost: The price of stolen data
The price of stolen data on the dark web remains shockingly low, making it widely-accessible to cybercriminals. Basic personal information, such as names and addresses, costs just $5 to $15. Full identity profiles, known as “Fullz,” which often include Social Security numbers and birth dates, are priced between $20 and $100. Scanned passports and U.S. driver’s licenses command higher rates, at $100 and $150, respectively.
Financial data, such as credit card details, sells for $15 to $120, depending on the account balance, while cloned credit cards with PINs go for just $20 to $25. Hacked online banking logins range from $35 to $65, and compromised PayPal accounts sell for $3 to $10 each. Even hacked social media accounts, like Facebook, are listed for approximately $45. These accounts are sold in bulk, often after an initial exploit attempt by the seller, with the expectation that many of the accounts will already be shut down or unusable by the buyers.
The dark web’s thriving economy of stolen data represents a growing challenge for businesses and individuals. Security teams need to understand what they are up against and assume the worst. They also must continuously monitor assets and preempt them from ending up in the wrong hands. With billions of dollars exchanging hands, the dark web no longer hides in the periphery: it’s staring us right in the face.
Emma Zaballos, senior researcher, CyCognito
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
