Stolen Identities Sold for 95¢ on Dark Web, Enabling Malware and Scams‑for‑Hire
What Happened — Malwarebytes Labs spent 48 hours crawling dark‑web forums and marketplaces and uncovered listings where fully‑formed personal identities (name, address, DOB, SSN, etc.) are being sold for as little as $0.95 each. The same venues also offered ready‑made malware payloads and “scams‑for‑hire” services that allow buyers to launch phishing, ransomware, or credential‑stuffing campaigns on demand.
Why It Matters for Compliance & Audit Readiness
- Credential compromise is a core SOC 2 CC 6.1 control failure; continuous monitoring of access‑management processes and evidence of MFA enforcement are required to demonstrate readiness.
- The cheap availability of full identities signals a systemic lapse in data‑handling policies; auditors will look for documented user‑provisioning, de‑provisioning, and security‑awareness training as proof of due diligence.
Who Is Affected – Retail & e‑commerce, financial services, healthcare, and any organization that stores personally identifiable information (PII).
Recommended Actions –
- Verify that all privileged and high‑risk accounts enforce MFA and have strong password policies.
- Deploy credential‑monitoring services to detect exposure of employee or customer credentials on underground forums.
- Refresh security‑awareness training to emphasize phishing resistance and safe handling of PII.
- Update incident‑response playbooks to include credential‑theft scenarios and dark‑web monitoring triggers.
Source: Malwarebytes Labs – Inside the Dark Web: Stolen Identities for 95¢, Malware, and Scams‑for‑Hire
Technical Notes – The listings rely on stolen credentials harvested via phishing, data‑breach dumps, and credential‑stuffing. No specific CVE is cited; the exposed data includes full PII records, which can be leveraged for identity theft, account takeover, and the distribution of malware‑laden phishing kits.