Since 2018, five million people across the globe had their data stolen. A NordVPN study found that cybercriminals were able to obtain extremely sensitive user data including 26.6 million usernames and passwords. Among them were 720 thousand Google logins, 654 thousand Microsoft logins and 647 thousand Facebook logins. 

The average price for a person’s digital information on the bot markets is $6. Moreover, because the malware steals logins together with cookies and device configuration information, cybersecurity experts say that the rise of this malware will help hackers to bypass multi-factor authentication (MFA). 

After logging in to a user's account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed. 

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.