A new study has shown that there are 15 billion credit card details circulating on the dark web.

A group of researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The vast majority of exposed credentials belong to consumers and not businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

Rick Holland, CISO at Digital Shadows said, “The sheer number of credentials available is staggering.”

A surge in data breaches has caused the number of credit cards to rise by 300 percent since 2018. It is no surprise, with an estimated 100,000 breaches having taken place over the last two years.

Among the credentials for sale were those that granted access to accounts within organizations, with usernames containing the word “invoice” or “invoices” among the most popular listings.

The validity of the data was not confirmed by Digital Shadows. The researchers said that listings included those for large corporations and government organizations in multiple countries.

Security Advise

Internet users are advised to use individual passwords for each online service that they use and adopt measures like two-factor authentication where possible.

Online tools like HaveIBeenPwned can also indicate whether a person’s email address has been compromised in a major data breach.