View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 8, 2022

Five million digital identities found for sale on the dark web

Data harvested by bots is being made available in vast quantities on dark web marketplaces, a new report reveals.

By Claudia Glover

Digital identities of five million people are for sale on so-called “bot markets” on the dark web. The stolen data appears to include digital fingerprints, auto-fill forms and user logins. The worst affected country is India, where 600,000 citizens appear to have had their details pilfered.

Data of citizens from more than 700 countries found on bot marketplaces. (Photo by sitthiphong/Shutterstock)

The data identified in a new report from VPN provider NordVPN includes cookies, logins, webcam screenshots and digital fingerprints. It is estimated in the report that 12% of all the data on the bot markets is Indian. The average price of a single digital identity of an Indian is 490 Indian Rupees, or £4.87.

What is a dark web bot market?

Bot markets are used by cybercriminals to sell data they have stolen using bot malware, and NordVPN has been tracking activity on these platforms since bot markets were first launched in 2018.

They host and sell data harvested by bots that have infiltrated private devices. “The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data,” the report says. “Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.”

Bot markets can be found both on the dark and the clear webs. The Genesis market, for example, has a professional-looking, publicly accessible website through which it sells digital fingerprints. A search function allows users to find credentials from a specific site, or particular data such as financial data. 

According to a report by security company F5, Genesis Marketplace also has a full-featured help desk with a ticketing system. This works like a normal tech support portal where marketplace operators will promptly answer requests in English. 

Dark web bot markets hold five million digital identities

The countries whose data appeared most commonly on the marketplaces, according to NordVPN’s research, are India, the US, Italy, Spain, France and Brazil, as well as in smaller numbers from 713 other nations.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The markets covered by NordVPN include the three largest on the dark web, the Genesis Market, the Russian Market and 2Easy. The most popular types of malware that steal the data are RedLine, Vidar, Racoon, Taurus and AZORult. 

 Within the markets at least 26.6 million stolen logins were found, including 720,000 Google logins, 654,000 Microsoft logins and 647,000 Facebook logins. 

Among the data, researchers also uncovered 667 million cookies, 81,000 digital fingerprints and 583,000 auto-fill forms.

Auto-fill forms are noteworthy as, apart from email addresses and names they often include home addresses and financial information. 

"What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. “After the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” said Marijus Briedis, chief security officer at NordVPN. “A simple password is no longer worth money to criminals when they can buy logins, cookies and digital fingerprints in one click for just 490 rupees."

Read more: Credential stuffing attacks fuel dark web trade in log-ins

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.