A sobering new report reveals that 2024 witnessed an unprecedented surge in stolen digital credentials, with 2.9 billion unique passwords and 14.5 million credit card numbers available on underground markets. The sharp rise, fueled by infostealer malware and a growing underground economy, signals a deepening crisis in global cybersecurity.

The dark web has become a thriving marketplace of stolen digital identities, and new research confirms the problem is spiraling beyond previous estimations. According to a research team, 2024 saw a 43% increase in breach data available to cybercriminals, including 2.9 billion unique compromised passwords - a significant leap from 2.2 billion the previous year.

Previously viral reports estimated the total number of compromised credentials floating online to be around 19 billion, though only 1.4 billion were believed to be unique. The new figures invalidate that ceiling, suggesting earlier data grossly underestimated the scope of exposure.

Cybercriminals now operate in a commoditized ecosystem where passwords are traded for mere cents, and credit card data is sold for as little as $0.50, raising alarm among cybersecurity experts and regulatory bodies alike.

A key driver behind the data surge is the proliferation of infostealer malware - stealthy tools that silently harvest credentials from browsers, apps, and devices before exfiltrating them to threat actors. These tools are often deployed via phishing emails, trojanized software downloads, or malicious browser extensions.

While the breach footprint is global, the U.S. remains disproportionately affected. The report identifies that 20% of all breach victims in 2024 were from U.S.-based organizations, and the majority of the 14.5 million compromised credit cards also originated from the U.S.

This marks a dramatic shift in threat actor focus. Despite an overall 1.6 million decrease in non-U.S. card listings, the number of U.S.-based card entries surged by 4.5 million, now constituting over 80% of the global total.