Posted on December 26, 2018 at 3:55 PM
Data theft incidents continue to be a problem around the world, and the dark web is filled with offers to purchase these stolen identities. According to recent reports, this stolen data — which contains most of the information necessary for performing identity thefts — can be purchased on the dark web for as little as £10.
On the dark web, these information packages are called fullz (full IDs), and they can be found on numerous black markets. They often contain things such as names, addresses, bank data, online passwords, and more. Researchers believe that a number of high profile hacks that occurred recently are keeping the markets filled with this type of data.
Hundreds of millions of internet users have had their data stolen in 2018 alone. Some of the most famous hacks from the last few months include several Facebook incidents, the hack of British Airways, Marriott hotel, and more. Stolen information then gets posted on the hidden part of the web, known as the dark web.
The dark web can only be accessed via special software, such as the Tor browser. After gaining access, hackers and other online criminals are free to buy and sell such information and potentially cause further harm to information owners.
Researchers have recently noticed that one seller is offering such information in exchange for Bitcoin — a relatively new and growing trend that comes in a form of digital currency. Cryptocurrencies have been one of the hackers’ favorite ways of sending and receiving payments due to their semi-anonymous nature. This particular offer requests £10 in Bitcoin in exchange for stolen data.
The seller also offered a sample of stolen information, currently being in their possession. The data includes names, occupation, addresses, and even date of birth and similar information. The sample itself belongs to a Bristol-based Polish-born woman. Researchers have described this type of stolen information as “key to online fraud”. As the internet has become a large part of most peoples’ everyday life, demand for this type of info is constantly on the rise.
The dark web offers stolen data, as well as instructions on how to use it
According to Simon Migliano, a well-known dark web analyst, this information alone is enough to open lines of credits on another person’s behalf. Identity thieves can even obtain loans and credit cards by using this data, and the victim suffers the consequences. The information is usually priced depending on its usefulness, and the likelihood of profit.
Migliano, who acts as the security firm Top10VPN’s head of research, has also stated that there is an entire price index for selling this type of content. Similar information includes login data for dating apps, online shopping websites, streaming services, and even social media profiles. If a person were to have accounts on all the websites listed on the index, it is estimated that the identity value would likely be at around £820 per individual.
Researchers have also confirmed that the dark web contains entire guides with instructions on how to carry out different crimes, such as obtaining loans with stolen data. One such guide can be obtained for as little as £6, and its creator claims that the process can be performed worldwide. Furthermore, it does not require any special skills.
The price of stolen data can vary from one seller to another. As mentioned, the price is also impacted by the usefulness of the information offered. Typically, bank account data is deemed the most valuable, as well as information regarding financial services, like PayPal login credentials, and alike.
Sensible online behavior can minimalize the risks
According to another dark web researcher, Terbium Labs’ Emily Wilson, the very scale of this problem is its most concerning aspect. According to Wilson, this data can be found and purchased anywhere in the world, at any time, and it often comes at extremely low prices. This makes it easy for scammers to obtain it, and even easier to exploit it, while the victims of the scam often have no idea about the danger they are in.
The lack of awareness by the general public regarding this issue is another big problem. Cyber experts often stress that the issue is not whether or not a person has been hacked, but how many times has it happened already. There are already numerous websites that can be used for checking if an email address was noticed on dark web black markets. Websites such as Have I Been Pwned contain massive databases, listing emails that are believed to be compromised.
Another researcher, Recorded Future’s Andrei Barysevich, stated that no one is immune to personal information theft in this day and age. Because of that, internet users need to be aware of such dangers, and they need to learn to adapt to them. This includes things like using different passwords for each account, as well as making these passwords long and complex so that they are not easily guessed. Furthermore, security protocols like two-factor authentication can help, and credit monitoring services are another way to keep an eye on credit profiles.
Migliano notes that most people have likely already had their data stolen and sold on the dark web. This is not something that anyone can do anything about. Regular internet users can do little to prevent website hacks and large data thefts. They can, however, secure your data as best as they can, and keep changing login credentials on regular basis. Minimalizing risks is currently the best that anyone can do, and the key to doing it is sensible online behavior.