Criminals are now able to put up a targeted individual’s complete digital identity for sale for less than $50, according to new research by Kaspersky Lab, a longstanding international cybersecurity firm.
The research, according to Kaspersky Lab, "uncovered an appetite among cybercriminals for data stolen from popular services - including via social media accounts and remote access to gaming websites."
The cybersecurity firm conducted a study into Dark Web markets to find out how much personal data is worth and how it is used by cybercriminals, and have found that criminals can sell someone’s complete digital life for less than $50, "including data from stolen social media accounts, banking details, remote access to servers or desktops, and even data from popular services like Uber, Netflix, and Spotify, as well as gaming websites, dating apps, and porn websites which might store credit card information."
Kaspersky Lab's researchers also found that "the price paid for a single hacked account is lower, with most selling for about $1 per account, and with criminals offering up discounts for bulk-buying."
Spear phishing campaigns or exploitation of a web-related security vulnerability in an application's software appear to be among the most common way for criminals to commit personal data theft, through which they collect "password dumps" containing "a combination of emails and passwords for the hacked services."
Kaspersky Lab added that "some criminals selling data even provide their buyers with a lifetime warranty, so if one account stops working, the buyer will receive a new account for free."
Senior Security Researcher at Kaspersky Lab David Jacoby said: "It is clear that data hacking is a major threat to us all, and this applies at both an individual and societal level, because stolen data funds many social evils.
"Fortunately, there are steps we can take to prevent it, including by using cybersecurity software, and being aware of how much data we are giving away for free – particularly on publicly available social media profiles, or to organizations," Mr Jacoby assured.
Kaspersky Lab urges users of the Internet to protect themselves from such risks by taking several easy security steps, which it says "should become an integral part of any Internet user’s digital life”:
- Always check that the link address and the sender’s email are genuine before clicking anything to prevent falling prey to phishing. A "robust security solution" will also warn users before accessing a web site that is potentially used for phishing.
- Users should not use the same password for several websites or services in order to prevent one data leak harming all of their digital identities. A specific password manager application, such as Kaspersky Password Manager, is recommended "to create strong, hack-proof passwords and remove the struggle of remembering them."
- Services such as PrivacyAudit.me that automatically search for a user’s data across a large number of sources will help users discover and keep track of entities that have their personal data.
A full report on the value of data on the black market can be accessed at securelist.com.