Search-Your-Target Market for Stolen Credentials
🔎 Flare analyzed 470 underground forum posts from January 2025 to June 2026 revealing a growing service layer that lets buyers query massive infostealer-derived credential collections for specific companies, platforms, domains, geographies, or account types. These sellers act as brokers, offering search, deduplication, formatting, and targeted delivery of credentials from databases claiming billions of records. Buyer feedback highlights gaps in quality, freshness, and validity, while the market partially overlaps with Initial Access Brokers and amplifies account takeover risks.
