Data Goldmines: How Your Data Is Bought and Sold
Keep in mind: not all on the dark web is illegal. However, it’s a massive marketplace for stolen personal information and data. When a hacking incident or data breach occurred, personal data is often bought and sold on the dark web by identity thieves seeking to make money off your good name. Different Ways Your Data is Used Right Now Whenever you ask a search engine a question or every time you share a meme with a friend on social media, the information you share is being saved, collected, and distributed. You possibly do not give it enough thought, but your data could end up in numerous unexpected places. Below are some ways your online data is being utilized today. Websites utilize it for internal research Most sites use their users’ data to perform internal research. They might investigate the links you click in, the time you spend on a specific page, the media you share to optimize everyone’s user experience. Your online behavior might also lead to changes to a website’s design or help encourage new features. Apps utilize it to peek into your whereabouts Do you have a smartphone? There’s a high chance you are sharing data without even noticing it. Many download applications monitor your whereabouts even if you are not actively using such programs. It is not only the location-based apps such as maps that record location information, but also social media apps, games, and utilities such as flashlights trace users’ locations. A study discovered that smartphone users who used an array of phone apps for two weeks had their location documented at least 5,000 times in only fourteen days. Insurance firms assess it Insurance firms have been sought to buy and analyze your online data, using it to set premiums and rates. A few firms might even go as far as to snoop to a customer’s social media pages to deny or confirm claims. Social media networks use it to help you find friends Did you know that social media sites use the data you share, including your current location, school, job, and hometown, to connect you to people you might know? They also utilize your current social network—people you have connected with online—to find common connections. Companies sell your data Your data is much valuable than you think. You may not know it yet, but there’s an economy in place to buy and sell your online data. Further, data brokers collect your online information—everything from your name and address to your general internet activity and income—and sell it to other businesses and brokers. Thieves use it to steal your identity Some of the activities mentioned so far might be quite creepy, but they are all legal. However, you will find other ways your data could be utilized illegally. Fraudsters can use your personal data your share online and steal your overall identity, using your credit card details and name to make purchases of their own. It is nearly not possible not to put any of that data online. However, you should be extra mindful of what websites you use and ensure your passwords are secure to prevent your stolen data. Types of Information Available & Its Price You may be thinking about how much your data worth to these cybercriminals is. Well, brace yourself because the answer may shock you. Different pieces of information may be more important to cybercriminals, and it will vary on different factors. Below are the most typical pieces of information bought and sold on the dark web and the standard range of what they are worth: Medical records: $1 to $1,000 Passports: $1,000 to $2,000 Driver’s license: $20 Diplomas: $100 to $400 Subscription services: $1 to $10 Loyalty accounts: $20 Online payment services login info (such as PayPal): $20 to $200 Credit or debit card (credit cards being the most common): $5 to $110 With bank information: $15 With CVV number: $5 With Fullz info: $30 (This is a bundle of information that is composed of a full package for fraudsters, including name, birthday, SSN, account numbers, which make them desirable) Social Security Number: $1 How Are These Pieces of Information Bought? You will find different procedures a personal data is bought and sold on the dark web: Buy data as a one-off, like a SS number Buy bulk information, batches of the same information type Buy bundled information. It is often referred to as the premium package for identity thieves as it comprises different information bundled together Factors that Contributes to the Price of Personal Data You will find various factors driving the price of data bought and sold on the dark web. This includes the following: Limits or the capability to reuse the data It is more valuable to fraudsters if something has a greater limit or could be reused multiple times. On the other hand, personal data with low limits to steal or use could be leveraged after it’s less valuable. Account balance The higher the amount that can be acquired, the higher the price of that stolen data. That’s especially true whether dollar values or points in an account. Data supply The economic principle of supply and demand applies to fraudsters buying and selling stolen data. When there’s a low supply of specific data accessible for purchase, that data is more valuable to criminals. Data type and demand for the specific data As stated, various types of information could bring various monetary values. Practices to Protect Yourself This might look scary or overwhelming. However, you must be aware of what’s happening so you can safeguard yourself. Data breaches are on the rise and out of your control. Ensure you exercise good habits for your personal data, such as keeping healthy password practices and stopping from sharing your personal data unless needed. You should also ensure you keep your software updates and antivirus software on every device current, as those updates may have important security patches that are integral to safeguarding your data.
Compromised Conversations: The Latest Social Media Data Breaches
Social media has become a hotbed for many cybercriminal activities in recent years. Attackers and hackers are attracted to such platforms as they make finding and engaging targets insignificant, are cheap and simple to use, are easy to make fraudulent accounts, and enable the distribution of malicious content at an unprecedented efficiency and scale. Advanced and big-scale cybercrime on social media platforms has become mainstream, from the Russian operatives using Twitter to spear phish and dispense malware to a Vevo breach attack stemming from a LinkedIn phishing attack. The worst social media data breaches are getting more frequent and more dangerous. This post collected a list of the worst and damaging social media attacks of all time to show the increasing need for protecting these platforms. Vevo hacked through a targeted LinkedIn phishing attack, approximately 3.12TB exfiltrated The streaming platform Vevo encountered a data breach in 2017 when one of its staff was phished through LinkedIn. Fraudsters obtained and publicly released 3.12TB worth of the firm’s sensitive and confidential data. The professional social network enables attackers to quickly determine their target at a certain company and send them a bespoke message, all under the auspices of professional recruitment or networking. Phishing Twitter direct messages sent to customers from a compromised bank account In 2011, an Australian bank encountered the worst-case scenario for an account takeover. Criminals didn’t vandalize the account or post seditious messages. As an alternative, they send direct messages to Twitter followers asking them to disclose sensitive financial institutions. Most account hacks are embarrassing and expensive from a brand and public relations perspective. However, they can also be utilized for big-scale cyber attacks against a brand’s most engaged and loyal followers. LinkedIn breached, exposing 117 million accounts In 2016, the social network itself got breached. The LinkedIn data dump was the seventh biggest in history by a sheer number of compromised items. That data breach that originally happened in 2017 lead to an eventually 117 million exposed email address and password combination. All of these were sold on the dark web for 5 Bitcoin. Financial corruptions run widespread on social media In August 2016, ZeroFOX researchers disclosed the massive underground world of financial misconduct on social media. Scammers always prey on verified banks’ followers with fraudulent financial service offerings like money flipping and card cracking. The issue’s scale is substantial, with at least a quarter-million posts for a single form of scam on a single social network. The issue was discovered on each major social media network and led to hundreds of yearly losses. HAMMERTOSS malware utilizes social media as Command and Control device In July 2015, the Hammertoss malware searched social media networks for commands posted by attacker profiles. This enables fraudsters to control the malware through social media posts. Furthermore, the attacker group behind the malware is accountable for the attacks against the White House, the State Department, the Joint Chiefs of Staff, and other nation-state governments like Norway. The approach to weaponizing social media proves the need to assess and investigate social media as a full lifecycle attack vector. Fake social media personal delivers malware to employees through social media In 2017, attackers made a convincing fake persona—a London-based photographer named Mia Ash connected with corporate staff. The attacker distributed a Remote Access Trojan (RAT) known as PupyRAT through the social media honeypot accounts to take over the controls of victims’ devices. The persona obtained accounts across numerous social media networks. Third party app results to hundreds of high-profile account compromises TwitterCounter, a third-party app, allowed Turkish-language attackers to take over controls of high-profile accounts. They posted destructive messages over the Netherlands after a antagonistic week of failing relations between Turkey and the Netherlands and essential elections in both nations. The breached accounts included a series of global brands and well-followed verified accounts such as Amnesty International, UNICEF, the European Parliament, Starbucks, the official Bitcoin Blockchain account, and Forbes. Twitter spear-phishing outbreak nets word leaders In July, the Twitter accounts of some of the most influential individuals in the world like Kanye West, Joe Biden, and Barack Obama all posted malicious tweets requesting Bitcoin. The hack encouraged immediate questions and panic about how numerous high-profile accounts were hijacked. The master turned out to be a 17-year-old guy from Florida who was immediately detained, together with some associates. The fraudsters scammed Twitter users out of a little over $100,000 but caused a massive scandal. Zoom encounters scrutiny after series of attacks Cybersecurity problems of Zoom are numerous stories rolled into one. In April 2020, half a million Zoom passwords were discovered being sold on the dark web. Hijackers gathered such passwords through credential stuffing and packaged the compromised accounts into a new database. Hackers utilized advanced bots to get around Zoom’s instinctive force protections, testing filched data until they discovered matches. Google+ shuttered over data breach risk Most were surprised to find that the social media platform Google+ was shuttering as it had started to take off. Google discovered that a bug in the system unveiled more than 500,000 user’s information. The company was further worried that it had taken them more than two years to see the bug. Google does not think the data breach led to anyone using data to hurt people. However, they decided the risk was too massive. Hence, they shut the entire thing down instead. 87 million Facebook data breach In 2018, Facebook finished its comprehensive investigation into the Cambridge Analytica data breach. It had gone back years when a Cambridge University researcher made a 3rd party personality app. More than 300,000 Facebook users installed it and volunteered their personality data on both themselves and others, which extend the breach’s reach. The app later supposedly sold the results to Cambridge Analytica, an activist group. Social media data breaches are not an unlikely event. While these platforms take them seriously and work to safeguard their users, data breaches are unavoidable.
The End of Privacy: The Most Damaging Privacy Leaks of the 21st Century
Data is transforming to one of the most important assets in the digital realm. The tech giants monopolizing data are considered the most powerful organizations on the planet. Nonetheless, they are often becoming vulnerable to a data breach epidemic despite the overflowing value of data monitored by such entities. A data breach is an information security breach where personal data is exposed publicly without approval. When giant firms such as Yahoo and Facebook have gotten comprehensive attention for the outcome of a data breach, small companies are no escape. Take note that data breaches can impact businesses of all sizes in many different ways. They are challenging to determine, expensive to address, and can cause massive reputational damage that some enterprises never recover. Nevertheless, the only thing organizations can do in such scenarios is to mitigate the consequences of a breach to execute a detailed risk management practice for a recognition, restraint, and communication in the aftermath of a data breach. Below is the list of the well-known and biggest data breaches in the 21st century. FriendFinder Networks Data Breach Occurred in October 2016 and affected 400 million accounts This company suffered one of the major and most damaging data breaches in history in 2016. FriendFinder Network Inc. jeopardized 400 million accounts, with most of them coming from AdultFriendFinder.com. Did you know that every database involved in the breach is composed of usernames, email addresses, and passwords kept in plain text? Marriott International Data Breach Occurred in September 2018 and affected 500 million guest records. On September 8, 2018, a security tool flagged a suspicious effort to access a guest reservation database for Marriott’s Starwood brands. It was found out that the Starwood network was compromised in 2014 when the international corporation started an investigation. The data breach happened when it was still a separate company before merging with Marriott. In 2016, Marriott acquired Starwood but failed to incorporate the firm with its reservation system. Starwood was still utilizing its preceding IT infrastructure, which resulted to an attack. The record of five hundred million guests was washed out from the Starwood systems by the hacker. The cybercriminals utilized Trojan Horse software to access the accounts Facebook Data Breach Occurred in September 2019 and affected 400 million users This is one of the recent data breaches of today. The giant social media platform, Facebook, reported a series of security breaches in the past. Nevertheless, the data breaches that happened in 2019 were big. The company disclosed that millions of Instagram passwords had been kept online in plain text. After that, other problems, such as technical flaws allowing kids to chat with strangers online, undiscovered to their parents. News emerged of a data leak in September 2019 that uncovered the phone numbers of at least 400 million Facebook users. That database comprises records throughout numerous geographic locations, consistent with 133 million Facebook users in America, 50 million in Vietnam, and 18 million in the United Kingdom. The database in question was discovered to be unsecured by password or any form of encryption. Anyone searching the web could find and access that data. First Americans Financial Corporation Data Breach Occurred in May 2019 and affected 885 million users American journalist Brian Krebs reported the big data breach of financial records from the company in 2019. The breach leak digitalized documents which go back to 2013. A few of the most important data stolen during the incident were drivers’ license images, wire transaction receipts, social security numbers, mortgage and tax records, bank statements, and bank account numbers. What’s more, the breach was started from an authentication mistake. No verification was needed to access the files that make them accessible to anyone with a browser. Any individual with the link can access data, and with a change of one digit, it was simple to find other documents with the same URLs. The company encountered a common web designer error referred to as Direct Object Reference (IDOR). A web page with sensitive data is made so a certain party will only view it. Nonetheless, the table turned as there’s no other way to determine the person seeing it. Anybody who types the link could easily and directly access the web browser. Cybercriminals and hackers used Advanced Persistent Bots (APBs) to gather and index the remaining documents. This data breach proved that companies could not massively depend on unique links to protect data. As an alternative, documents must be safeguarded with passwords and multi-factor authentication. Yahoo Data Breach Occurred in October 2017 and affected three billion accounts Yahoo suffered the biggest and most detrimental breach in history in 2013. However, it took another 3-4 years to find the accident. The Chief Intelligence Officer of InfoArmor, Andrew Komarov, discovered the data breach when he’s assisting the firm in responding to another data attack in 2016. He unraveled hints of the 2013 breach while trying to take down the stolen information. He observed a dark web seller providing close to $300,000 for a list of over a billion Yahoo accounts in August 2015. Yahoo experienced a hot in its income when it went public along with the massive data breach. The organization alerted its users to reset all their passwords and restart their security questions. News of the breach declined Yahoo’s value by $350 million, not to mention the stock price drop by three percent. The security breach led the company to long-term effects. What’s more, the company ran into different civil and regulatory complainants, as it failed to disclose the breach timely. It is expected that most of their post-breach injuries could have been prevented had it been assessed and revealed the breach sooner. There you have it! These are the top five of the biggest and most damaging data breaches in the 21st century. What are your thoughts about this post? Share your insights with us by leaving your comments below!
