Stolen Identities Affordable and Available from a Few Dark Web Vendors

January 8, 2019

This is quite the bargain for bad actors—Kodos Blog reports, “Hackers Charging £10 for Stolen UK Identities.” Writer Ali Raza tells us recent studies show packages of data required to usurp a victim’s identity can be found for as little as £10, or about 12 and a half bucks. We learn:

“On the dark web, these information packages are called fullz (full IDs), and they can be found on numerous black markets. They often contain things such as names, addresses, bank data, online passwords, and more. Researchers believe that a number of high profile hacks that occurred recently are keeping the markets filled with this type of data. Hundreds of millions of internet users have had their data stolen in 2018 alone. Some of the most famous hacks from the last few months include several Facebook incidents, the hack of British Airways, Marriott hotel, and more. Stolen information then gets posted on the hidden part of the web, known as the dark web.”

We presume in order to create more clients, vendors of such data also offer instruction in how to open loans and credit cards in the victims’ names. Not for free, of course; such a guide runs about £6. The article adds:

“[One] seller also offered a sample of stolen information, currently being in their possession. The data includes names, occupation, addresses, and even date of birth and similar information. The sample itself belongs to a Bristol-based Polish-born woman. Researchers have described this type of stolen information as ‘key to online fraud’. As the internet has become a large part of most peoples’ everyday life, demand for this type of info is constantly on the rise.”

And yet, Raza reports, most consumers have no idea how pervasive these data hacks are. In fact, says one expert, most of us already have had our data stolen and sold on the Dark Web—it’s just a question of how often. One can check whether their email address is believed to have been compromised at several websites, the most famous of which may be Have I Been Pwned. To prevent identity theft, users should follow best practices, like using separate, hard-to-guess passwords for different accounts and taking advantage of two-factor authentication where offered.

Cynthia Murrell, January 8, 2019

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta