Your passwords are already for sale. Here’s the proof.

May 2, 2026

By Kim Komando

“There’s no way criminals are selling my passwords online.”

That’s what a family member told me the other day. He was wrong. I know because we found his passwords together. Cost me $12 and about four minutes.

He asked me not to use his name. But he was floored and wanted me to share everything we found.

🕵️ What $12 buys

The dark web marketplace looked like Amazon. Search bar. Filters. Customer reviews. Bulk discounts. “Fresh data” listed like produce at a farmers market.

I had him search his own email address.

His Gmail password from 2019. A Yahoo account he’d completely forgotten. Three shopping sites he used once. All listed. Plus birth year, phone number and ZIP code thrown in as a bonus.

The worst part? Some passwords were current. He was still using them.

That 2019 Gmail password had been sold 847 times, according to the listing. That’s at least $1,694 in criminal profit. From one reused password. One.

💸 How the business works

His data mostly came from breaches he’d never heard of. A flower delivery service from 2018. A fitness app that quietly went out of business. A forum he joined, then forgot existed.

Hackers sell the same stolen data over and over. The seller had 4.8 stars and glowing reviews praising “working credentials.” Like Etsy but for your identity.

Here’s what we did immediately. Changed every single password. He wanted a password to be BeefStew, but I told him it wasn’t stroganoff. (Yeah, he groaned, too.)

To do all this work, I set him up with NordPass.* Here’s why it’s the one I use and trust:

• Dark web monitoring scans criminal marketplaces 24/7 and alerts you the moment your credentials appear for sale. You find out before the criminals cash in.
• A unique password generator creates an uncrackable password for every account. No more reusing. No more “forgot password” spirals.
• $1.43 a month. Less than a pack of gum to protect every login you own.

Sometimes people need to see the threat to believe it’s real. The dark web is very real. And I bet that your passwords are already there.

✅ Get 52% off NordPass, only $1.43/mo with this limited time offer.

📩 Send this to someone who reuses the same password on multiple sites. The icons below make it one-click easy.