Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search
Red Hot Cyber Academy

$16 billion in stolen Apple, Meta, and Google credentials up for sale for $121,000

Redazione RHC : 5 September 2025 08:21

The Darklab team, Red Hot Cyber‘s community of threat intelligence experts, has identified an ad on the dark web marketplace “Tor Amazon”, the criminal counterpart of the popular e-commerce site on the clear web. The listing offers an unprecedented archive: 16 billion compromised credentials from leading platforms such as Apple, Facebook, Google, Binance, Coinbase, and many others.

The listing, priced at 1 Bitcoin (about $121,000), represents one of the largest and most diverse collections of data ever to appear in the underground circuits.

Images from the post published on the Amazon TOR underground marketplace (Source Red Hot Cyber)

Origin and nature of the leak

According to Darklab’s analysis, the packet does not originate from a single data breach, but from 30 distinct collections generated through malware campaigns.

The malicious actors would have exploited corrupted files and social engineering techniques to infect victims’ devices, harvesting credentials primarily from users who reused weak passwords or did not activate advanced security measures.

This feature makes the dataset particularly interesting from an investigative perspective, as it allows us to observe not only platform vulnerabilities, but also users’ bad habits and the real impact of the malware on daily security.

Sample of the data offered for sale in the TOR Amazon underground market (Source Red Hot Cyber)

Size and geographic distribution

  • Volume: the collections range between 16 million and 3.5 billion records each, with an average of approximately 550 million of credentials per batch.
  • Geographic concentration: The data is particularly dense in Asia and Latin America, regions often more exposed to mass breaches due to less resilient digital infrastructures and low user awareness.
  • Platform diversity: The leak covers heterogeneous environments – social networks, email services, financial platforms, and development portals – offering a cross-section of attack surfaces.

Implications for cybercrime and research

Selling on Tor Amazon reflects the growing threat of criminal marketplaces, which replicate the typical logic of legitimate e-commerce: escrow systems for transactions, buyer feedback, post-sales support.

For cybercriminals, data represents an immediately monetizable resource through:

  • large-scale phishing campaigns scale;
  • account takeover and financial fraud;
  • compromise of crypto wallets and related services.

For researchers and analysts, however, the dataset constitutes a precious source for:

  • study the distribution patterns of malware;
  • understand the impact of poor digital hygiene;
  • outline historical and economic trends of breaches on a global scale.

Final Considerations

The discovery made by Darklab highlights how the dark web criminal ecosystem is evolving towards increasingly structured and competitive models.

At the same time, it reiterates the need to adopt minimum protection measures—password managers, multi-factor authentication, continuous monitoring of data leaks—which remain the most effective defenses against threats of this magnitude.

In this scenario, the monitoring and analysis conducted by communities like Darklab proves crucial for uncovering phenomena that, if ignored, risk compromising entire digital ecosystems.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli