The 773 million records recently posted on a hacking forum, now known as “Collection #1”, are merely the tip of a vast iceberg of stolen data now available to organised cyber criminals, hostile governments and terrorists.

The Dark Web increasingly hosts Bitcoin sales of all kinds of data sets, ranging from customer and financial details to highly confidential data such as new product designs and business strategies.

Almost all the data being traded on the Dark Web is earmarked for illegal use of some kind. Stolen data can be used for all kinds of purposes including bank robbery and terrorism.

The Collection #1 data haul would typically be used by cyber criminals in what is known as “credential stuffing” scams, in which hackers throw thousands of email and password combinations at a given site or service until they succeed in breaking in.

Credential stuffing software was also used prior to the major Tesco Bank attack, in which £2.5 million was siphoned from customer accounts. CyberInt analysts found early indications of the attack while carrying out a probe of hidden pages on the Dark Web, which revealed that cyber criminals were discussing the potential uses of a software tool that tested thousands of login and password combinations, enabling access to Tesco accounts.