In brief: Underground marketplaces automate searches through stolen credential databases for target enterprises, simplifying access to compromised accounts for broader attacker groups.
A growing underground market offers services to search stolen credential databases for specific enterprises, domains and user accounts. Attackers no longer have to struggle through mass datasets themselves.
The credential-search market has professionalized: actors on the dark web can pay third parties to identify their target enterprises in already leaked databases. This significantly lowers the entry barrier for beginners and accelerates the preparation of cyber attacks.
For CISOs, this represents a shift in threat dynamics. The attacker community is fragmenting: specialized services take on the resource-intensive work of database searching, while other groups use the found credentials directly for attacks. This complicates defensive measures, as more attackers can work with stolen access credentials.
Organizations should increasingly focus on credential monitoring, anomaly detection during logins, and multi-factor authentication. At the same time, it should be checked whether corporate domains or user accounts already appear in known leaks and whether corresponding password reset campaigns are necessary.
Source: www.bleepingcomputer.com · Published June 22, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.