CritiqueActifTendance
Critical Risk
95%
Credential Marketplace Exposure
Stolen login pairs sold on criminal forums and dark web markets.
#dark-web#credentials#breach
Aperçu de la menace
After breaches and infostealer infections, credentials appear on dark web marketplaces within hours—sorted by service, country, and account value.
Comportement d’attaque
- Bulk sale of email:password pairs
- Session cookies sold separately
- Combo lists used for stuffing attacks
Méthodes d’infection
- Follows breaches and infostealer exfiltration
- Not direct endpoint infection
Symptômes et indicateurs
- Dark web monitoring alerts
- Account takeover after breach news
- MFA fatigue attacks
Atténuation immédiate
- Rotate exposed passwords immediately
- Invalidate active sessions
- Enable phishing-resistant MFA
Guide de suppression
- Close fraudulent sessions
- Review OAuth app grants
Méthodes de prévention
- Dark web monitoring
- Unique passwords per service
- Breach notification response playbooks
Indicateurs télémétriques
- Your email domain in stealer logs
- Corporate SSO credentials in combo lists
Infostealer logs often appear within hours. Large breach dumps may be sold in stages over weeks.