The dark web's most discussed threads, with more than 135,000 comments, focus on “combo lists” — databases filled with combinations of usernames, passwords, and other personal data from various breaches. And, one closely followed topic, with nearly 26,000 comments, focuses directly on account takeovers that exploit metadata for unauthorized access, according to analysis provided by NordVPN and NordStellar.
"Although last year's predictions remain relevant, the popularity of various hacking courses and DIY cybercrime kits has increased noticeably. Leaked personal media and customer data continue to circulate widely within these forums," says Adrianus Warmenhoven, a cybersecurity expert at NordVPN. “This year, we've delved deeper, exploring beyond the most commented topics to identify five new threats and vulnerabilities likely to rise in 2025.”
Key takeaways:
- Due to the common practice of password reuse across multiple sites, possession of login information enables hackers to commit fraud and misuse accounts for malicious purposes like conducting fraudulent transactions, which greatly increases the risk of identity theft.
- As long as password reuse continues, these attacks will remain highly effective and popular among cybercriminals. Experts predict an increase in these activities in 2025 as new data breaches continue to supply criminals with fresh credentials.
- Fraud discussions rank among the Top 10 most commented threads on the dark web, with users sharing tips, tools, and strategies for committing fraud successfully. Credit card and insurance frauds are frequently discussed, but identity theft remains the primary focus for hackers.
- AI-driven social engineering is expected to become more sophisticated. A significant emerging trend is the use of artificial intelligence (AI) to detect vulnerabilities, increasing the complexity of tools designed to manipulate human behavior for information extraction and crafting effective phishing emails.
“Identity theft is evolving, with new forms expected to emerge next year," says Warmenhoven. "One of them, synthetic identity fraud, which merges real and fake data, often incorporates deepfake technologies to increase its effectiveness. Another developing method is reverse identity theft, where individuals use someone else’s identity not for financial gain but to live as them in daily life — securing jobs, accessing medical care, or avoiding legal consequences. These strategies focus on long-term impersonation over immediate financial benefits.”