Joining marketplaces for stolen IDs, credit cards, malware kits [with customer support!], and probably anything else a criminal might find useful, Kaspersky found a market for breached servers. There may be more of these hacked server markets, or not, since these sellers do their best to keep themselves secret, e.g. using invitation-only forums/boards. The numbers included in the article are interesting &/or scary:
We have collected and concatenated all the pastes in one list: it contains around 176,000 unique records from October 2014 to February 2016.
Once you control a breached or hacked server, you can of course steal anything stored there, but you can also use it as a proxy [that keeps zero records/logs] to hide your IP, as a Command & Control server for malware, to host web pages that may or may not mimic legit sites, & that are laden with & distribute malware, to distribute spam etc.
securelist[.]com/blog/research/75120/the-tip-of-the-iceberg-an-unexpected-turn-in-the-xdedic-story/