Cybersecurity · 2 days ago

Stolen South African credentials sell for as little as R100 on dark web amid surge in breaches

South African login details are being sold for as little as R100 on dark web marketplaces, following breaches at Standard Bank, Liberty Group and government agencies. Defenders should patch, enforce MFA and monitor for credential theft.

Peter Olaleru/3 min/NG

Cybersecurity Editor

Source: Securitysa

TL;DR: South African usernames and passwords are appearing on dark web markets for as little as R100, underscoring a sharp rise in data breaches across banks, insurers and government entities. Standard Bank confirmed a breach that exposed client identifiers while its core systems stayed intact.

Context: Cybersecurity experts report that stolen credentials are flooding underground markets, driving prices down to a few rand for basic logins and under R100 for access to corporate networks. The trend follows a series of high‑profile incidents affecting financial institutions, insurers, public‑sector agencies and healthcare providers.

Key Facts: Standard Bank disclosed an intrusion that compromised personal identifiers but affirmed that core banking platforms remained unharmed. Liberty Group, Statistics South Africa and Polmed, the medical aid for police officers, each reported separate breaches exposing customer or member data. Attackers commonly harvest credentials via infostealer malware (MITRE ATT&CK T1003, OS Credential Dumping), phishing campaigns enhanced with AI‑generated lures (T1566, Phishing), and large‑scale data dumps that fuel resale markets.

What It Means: Low‑cost credentials increase the risk of credential stuffing, unauthorized access and lateral movement within organizations. Reused passwords across personal and work accounts amplify the impact of each stolen record, potentially leading to financial fraud, identity theft and operational disruption.

Mitigations: Enforce multi‑factor authentication on all remote and privileged accounts. Patch known vulnerabilities that enable credential dumping, such as CVE-2023-28252 (Windows Print Spooler) and CVE-2022-22965 (Spring4Shell). Deploy endpoint detection and response tools to monitor for suspicious login attempts and unusual process activity. Use threat‑intelligence feeds to block known malicious IPs and domains associated with dark‑web marketplaces. Conduct regular security awareness training focused on recognizing AI‑assisted phishing emails.
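An added example (not from the article or its sources) of the login monitoring the mitigations call for: it flags a source IP as credential stuffing when it tries many distinct usernames and mostly fails, and lists the accounts that source did log into, which need a password reset and session revocation. The event format, thresholds, IPs and usernames are constructed assumptions.

```python
from collections import defaultdict

def _ev(ip, outcomes):
    """Expand 'user:OUTCOME' pairs into (source_ip, username, outcome) events."""
    return [(ip, *pair.split(":")) for pair in outcomes.split()]

# Constructed sample events (documentation IP ranges, made-up usernames):
# one stuffing source, one office NAT with normal logins, one single-account brute force.
EVENTS = (
    _ev("203.0.113.7", "thabo:FAIL lerato:FAIL sipho:FAIL naledi:OK pieter:FAIL zanele:FAIL")
    + _ev("198.51.100.20", "anele:OK bongani:OK carla:FAIL carla:OK dumi:OK elna:OK")
    + _ev("192.0.2.50", " ".join(["admin:FAIL"] * 8))
)

def detect_stuffing(events, min_users=5, min_fail_ratio=0.7):
    """Return {source_ip: finding} for sources that look like credential stuffing.

    Stuffing replays leaked username/password pairs, so one source touches many
    distinct accounts and most attempts fail. A shared NAT also touches many
    accounts but mostly succeeds; a brute force hammers a single account.
    Thresholds are assumed values and need tuning against real traffic.
    """
    per_ip = defaultdict(lambda: {"users": set(), "ok": set(), "fails": 0, "total": 0})
    for ip, user, outcome in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["total"] += 1
        if outcome == "OK":
            stats["ok"].add(user)
        else:
            stats["fails"] += 1

    findings = {}
    for ip, stats in per_ip.items():
        ratio = stats["fails"] / stats["total"]
        if len(stats["users"]) >= min_users and ratio >= min_fail_ratio:
            findings[ip] = {
                "distinct_users": len(stats["users"]),
                "fail_ratio": round(ratio, 2),
                # A success from a flagged source means the leaked pair was valid.
                "compromised": sorted(stats["ok"]),
            }
    return findings

if __name__ == "__main__":
    for ip, finding in detect_stuffing(EVENTS).items():
        print(ip, finding)
```
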

Watch for: Increased adoption of AI‑driven phishing kits and the emergence of new infostealer families targeting South African enterprises, which could further lower the cost of stolen access.
