More than 65 million digital credentials have been ‘leaked’ in 2023
- This figure comes from research being carried out by the Digital Surveillance department of the cybersecurity company S2 Grupo on online credential theft.
- One of the main ways in which data is obtained is through infostealers, a type of malware that steals data from technological devices.
- The information is sold on different forums and platforms such as Telegram, which offer packages with passwords and access data to confidential company information, private VPNs or RDP, among many others, for amounts ranging from $100 to $400 per month.
Valencia, 20 May 2023.- The Valencian company S2 Grupo, specialized in cybersecurity and critical systems management, is carrying out research in 2023 on the theft of digital credentials in Spain. One of the main conclusions drawn by its team is that, in the first four months of the year alone, 65,267,777 credentials have been leaked in order to be traded.
"The objective of the theft of access data and all kinds of private information is always the same: money or information that is worth a lot of money. Until now, the sale was made on platforms such as RaidForums, but this was closed and the sale of credentials through forums has been eclipsed with the proliferation of Telegram groups", explained José Rosell, managing partner of S2 Grupo.
"However, the information packages sold on the forums are more complete than what can be found on Telegram. These usually include RDP (Remote Desktop Protocol) accesses, private VPNs (Virtual Private Network) and even confidential information about companies", said Miguel A. Juan, managing partner of S2 Grupo.
The research conducted by the company's Digital Surveillance department also shows that Telegram groups usually distribute several combolists (lists of usernames and passwords used in automated login attempts) for free to gain subscribers.
"These combolists are often old or quite trite and many of the credentials provided no longer work. For this reason, many groups sell temporary subscriptions to 'clouds' or private groups where they upload fresh and verified information," highlighted José Rosell.
Prices for credentials appear to have remained stable since 2022 and tend to be similar across platforms, ranging from $100 to $400 per month.
How is the data obtained?
S2 Grupo explains that this information is collected by "infostealers", a type of malware that acts as a Trojan horse in systems by stealing information. In this way, they collect credentials and other information from the victims' devices. This information is then sold to more sophisticated groups, such as ransomware or APT (Advanced Persistent Threat) groups, to facilitate their access.