TL;DRHUMAN Security found 12M stolen streaming accounts tied to World Cup broadcasts on the dark web, worth $220M. Sellers raise prices as tournament demand grows.
More than 12 million compromised streaming accounts tied to World Cup broadcasts are circulating on the dark web, representing nearly $220 million in potential black-market sales. The findings come from HUMAN Security’s Satori Threat Intelligence team, which tracked accounts across 10 streaming services carrying tournament matches. On June 27, the final day of the group stage, threat actors released a record 802,000 accounts in a single day, generating an estimated $14.8 million in potential revenue.
The sellers are treating the World Cup like any high-demand retail event: expanding inventory and raising prices as consumer interest peaks. Stolen accounts sell for as little as $5, compared to legitimate subscriptions costing $30 to $50. Some listings advertise linked payment cards, loyalty points, premium tiers, and warranties promising replacement accounts if buyers lose access. Lindsay Kaye, VP of threat intelligence at HUMAN Security, told Fortune that demand is growing as fans seek cheaper ways to watch.
The accounts were likely obtained through credential-stuffing attacks using stolen usernames and passwords already on the dark web, or through info-stealing malware that extracts credentials saved on victims’ devices. Over 4,300 fake FIFA domains and banking malware hidden in streaming apps were already targeting World Cup fans before the tournament kicked off on June 11. The stolen-account market is a separate layer of the same infrastructure, monetising credentials rather than phishing for new ones.






