Understanding the Password Black Market

Some leaked password lists are so huge that they can't be ignored. However, some lists are full of junk credentials, which are meaningless to most. So why would a hacker go to the effort of posting breached passwords if they are worthless? 

First Published 11th May 2016

Understanding the Password Black Market

People love quality, and this also extends to password dumps on the black market.

2 min read  |  Reflare Research Team

Last week, we saw one of the biggest password dumps in recent history thought to contain 272 million passwords. The problem: All passwords contained turned out to be aged, inaccurate and ultimately worthless. Several providers were on the list including Gmail, Yahoo, Hotmail, and The list was posted almost free of charge, which gave security experts the first red flag that led to a lot of scepticism. Experts reviewed the list and major providers responded that the passwords were inaccurate or too old for concern.

So why would a hacker bother building a list of junk passwords? In this case, the hacker was using it to improve his reputation on the black market. The black market is filled with forums and sites where hackers sell their wares (usually stolen passwords and credit cards) to buyers, sometimes your competitors. Because the black market is unregulated and available only through Tor, hackers first need to build a reputation before they can be trusted. The main way to build trust is to sell items and get good reviews. Once a hacker builds trust in the community, he can sell larger and more valuable items.

In the case of the password list, the hacker assembled and combined other lists into his own to give away in exchange for good feedback. Once his reputation is built, he can then sell quality-level lists for much more money.

Some people don't believe their accounts are worth anything or that their low-limit credit card is worthless to a hacker. On the dark markets, stolen credit cards, passwords and open accounts are extremely valuable regardless of this perception. Hackers usually don't target sites to use the data on their own. They steal data to sell on these markets, which means more data makes them more money, even low-limit credit cards or seemingly worthless accounts.

This is why it's important to always keep data secure and change passwords often. If your provider offers 2-factor authentication, use it to defend against these types of attacks. Don't disregard security thinking a hacker has no interest in your data. Your data is always valuable on the black market.

Subscribe by email