The passwords are usually stored as cryptographic hashes and it’s not clear what they’re selling, those hashes or brute-forced password. Any way one has to use the complicated passwords part of which is taken from HW security keys and having at least 256 bit entropy. More on that is
in that topic.
Exploration by cybersecurity firm, Cyble Research Team, uncovered that on May 29, information for more than 80,000 charge cards were set available to be purchased on the dark web. The data from these cards seem to have been accumulated from different nations around the globe.
https://www.currencytimes.co.in/cyber-security-firm-is-selling-your-password-credentials-on-dark-web/