HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Stolen Identities Sold for 95¢ on Dark Web, Enabling Malware and Scams‑for‑Hire

Malwarebytes researchers discovered dark‑web marketplaces offering full personal identities for $0.95 each, alongside ready‑made malware and scams‑for‑hire services. The proliferation of such cheap credentials highlights a systemic risk to any organization that stores PII and underscores the need for robust SOC 2 access‑control practices.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 malwarebytes.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
malwarebytes.com

Stolen Identities Sold for 95¢ on Dark Web, Enabling Malware and Scams‑for‑Hire

What Happened — Malwarebytes Labs spent 48 hours crawling dark‑web forums and marketplaces and uncovered listings where fully‑formed personal identities (name, address, DOB, SSN, etc.) are being sold for as little as $0.95 each. The same venues also offered ready‑made malware payloads and “scams‑for‑hire” services that allow buyers to launch phishing, ransomware, or credential‑stuffing campaigns on demand.

Why It Matters for Compliance & Audit Readiness

  • Credential compromise is a core SOC 2 CC 6.1 control failure; continuous monitoring of access‑management processes and evidence of MFA enforcement are required to demonstrate readiness.
  • The cheap availability of full identities signals a systemic lapse in data‑handling policies; auditors will look for documented user‑provisioning, de‑provisioning, and security‑awareness training as proof of due diligence.

Who Is Affected – Retail & e‑commerce, financial services, healthcare, and any organization that stores personally identifiable information (PII).

Recommended Actions

  • Verify that all privileged and high‑risk accounts enforce MFA and have strong password policies.
  • Deploy credential‑monitoring services to detect exposure of employee or customer credentials on underground forums.
  • Refresh security‑awareness training to emphasize phishing resistance and safe handling of PII.
  • Update incident‑response playbooks to include credential‑theft scenarios and dark‑web monitoring triggers.

Source: Malwarebytes Labs – Inside the Dark Web: Stolen Identities for 95¢, Malware, and Scams‑for‑Hire

Technical Notes – The listings rely on stolen credentials harvested via phishing, data‑breach dumps, and credential‑stuffing. No specific CVE is cited; the exposed data includes full PII records, which can be leveraged for identity theft, account takeover, and the distribution of malware‑laden phishing kits.

📰 Original Source
https://www.malwarebytes.com/blog/threat-intel/2026/06/inside-the-dark-web-stolen-identities-for-95%C2%A2-malware-and-scams-for-hire

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →