A sobering new report reveals that 2024 witnessed an unprecedented surge in stolen digital credentials, with 2.9 billion unique passwords and 14.5 million credit card numbers available on underground markets. The sharp rise, fueled by infostealer malware and a growing underground economy, signals a deepening crisis in global cybersecurity.
An Expanding Underground Market
The dark web has become a thriving marketplace of stolen digital identities, and new research confirms the problem is spiraling beyond previous estimations. According to a research team, 2024 saw a 43% increase in breach data available to cybercriminals, including 2.9 billion unique compromised passwords a significant leap from 2.2 billion the previous year.
Previously viral reports estimated the total number of compromised credentials floating online to be around 19 billion, though only 1.4 billion were believed to be unique. The new figures invalidate that ceiling, suggesting earlier data grossly underestimated the scope of exposure.
Cybercriminals now operate in a commoditized ecosystem where passwords are traded for mere cents, and credit card data is sold for as little as $0.50, raising alarm among cybersecurity experts and regulatory bodies alike.
Also Read: Attention Startups! Showcase Your Smart Policing Solutions on India’s Biggest Stage
The Role of Infostealers and the U.S. Connection
A key driver behind the data surge is the proliferation of infostealer malware stealthy tools that silently harvest credentials from browsers, apps, and devices before exfiltrating them to threat actors. These tools are often deployed via phishing emails, trojanized software downloads, or malicious browser extensions.
While the breach footprint is global, the U.S. remains disproportionately affected. The report identifies that 20% of all breach victims in 2024 were from U.S.-based organizations, and the majority of the 14.5 million compromised credit cards also originated from the U.S.
This marks a dramatic shift in threat actor focus. Despite an overall 1.6 million decrease in non-U.S. card listings, the number of U.S.-based card entries surged by 4.5 million, now constituting over 80% of the global total.
Also Read: Attention Startups! Showcase Your Smart Policing Solutions on India’s Biggest Stage
Why This Matters: A Shifting Cybersecurity Paradigm
The implications of this data breach tsunami are profound. With passwords and credit cards widely available at bargain-bin prices, identity theft, financial fraud, and ransomware deployment are more accessible than ever to low-skill threat actors. The barrier to entry into the cybercrime economy continues to drop, creating an environment ripe for exploitation.
Cybersecurity experts warn that no organization or individual is immune.
“This isn’t just a tech problem anymore. It’s a societal threat,” said one analyst. “Credential stuffing, synthetic identities, and financial fraud are rising because we’ve allowed data breaches to become normalized.”