The Problem with Statistics of Compromised Credentials in the Dark Web

Dark web monitoring has become widely popular in the industry, with dozens of vendors, large and small, offering to extract intelligence from cybercriminal circles. In such a crowded market (Dark Web monitoring specifically and cyber security in general), vendors need to stand out from the pack. To do so, any cyber security company must have an arsenal of marketing materials and tools. One such effective tool is the threat research report, which includes interesting industry insights based on the company’s expertise. This report is especially relevant for these Dark Web monitoring vendors, who have a direct view to the dealings and innovation that happen in the underground economy. After all, the Dark Web is inherently very interesting, so writing reports on what goes on there is a no brainer.

One of the most popular type of reports in this space is one that details the amount and prices of compromised credentials that are traded in the Dark Web. It’s no surprise that these reports are popular as they are easy to understand by everyone, therefore making them appealing to both professionals and mainstream media. As they are written for broad appeal and the media’s attention, in many cases these reports are summarized into one or two sentences – “there are X number of credentials sold in the Dark Web right now”, or “you can get a stolen credit card for X dollars”. These reports do often include a “shopping list” of Dark Web prices for various types of credentials and many do delve deeper into the details of these findings, often speculating as to why certain things cost as much as they do. However, the reality of the Dark Web is usually much more complex, to the point that quoting credentials volume and price is usually meaningless. Some reports do a better job than others touching on these complexities, but the fact remains that normally only the numbers in the reports – the volumes and prices – are the focus and what only gets quoted, with the full intent of those who wrote the report. But as noted, these numbers are usually meaningless. Here is why, and why you should always take them with a pinch of salt.

Read more at CyberSecurity Magazine


IntelFinder is the most cost effective threat intelligence solution on the market, offering customer-specific and actionable therat intelligence at a fraction of the cost. We cover a wide variety of threats, such as similar domain registration, rogue apps, leaked employee credentials, leaked source code, leaked documents, exposed subdomains and more – all for only $250/month per brand.

IntelFinder is offered with a one month free trial – no strings attached and no credit card information required! 


Let's Be In Touch

Do you prefer talking with us before trying out the service? no problems!