For Sale on Dark Web: 360 Million Sets of Stolen Personal Data

There are over 360 million stolen sets of personal data for sale on the dark web, according to IT security firm Hold Security. The same investigation also uncovered 1.25 billion email addresses available on the black market.

All observations were made over just the first 3 weeks of February.

The email addresses could be purchased for use in various kinds of scams, while the data sets take the form of credentials. The credentials are a greater threat to businesses and individuals than “more ‘standard’ theft of credit card information,” because of the access they could grant to networks serving bank accounts, health records, or corporations, according to Computing.

“These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating,” the company said in a statement. “This is a call to action, and if you are concerned about integrity of your company’s user credentials we encourage you to use our Credentials Integrity Services.”

Hold Security chief information security officer Alex Holden said that the data was stolen in a number of separate attacks, and that the organizations suffering the breaches in many cases have either not reported or not yet discovered them.

One attack resulted in the theft of 105 million records, which may make it the largest data breach ever recorded. Between 70 and 110 million records were stolen from Target in December.

Large scale data theft has been growing with cybercriminals using new techniques to deliver malware. Numerous Yahoo mail records were stolen in a third-party data breach in January.