CríticoActivoTendencia
Critical Risk
95%
Credential Marketplace Exposure
Stolen login pairs sold on criminal forums and dark web markets.
#dark-web#credentials#breach
Resumen de la amenaza
After breaches and infostealer infections, credentials appear on dark web marketplaces within hours—sorted by service, country, and account value.
Comportamiento del ataque
- Bulk sale of email:password pairs
- Session cookies sold separately
- Combo lists used for stuffing attacks
Métodos de infección
- Follows breaches and infostealer exfiltration
- Not direct endpoint infection
Síntomas e indicadores
- Dark web monitoring alerts
- Account takeover after breach news
- MFA fatigue attacks
Mitigación inmediata
- Rotate exposed passwords immediately
- Invalidate active sessions
- Enable phishing-resistant MFA
Guía de eliminación
- Close fraudulent sessions
- Review OAuth app grants
Métodos de prevención
- Dark web monitoring
- Unique passwords per service
- Breach notification response playbooks
Indicadores de telemetría
- Your email domain in stealer logs
- Corporate SSO credentials in combo lists
Infostealer logs often appear within hours. Large breach dumps may be sold in stages over weeks.