While many of us have heard of, or even fallen victim to, cybercrimes such as data and/or identity theft, it seems that relatively few know the value of the information stolen from us. A new study from Kaspersky Lab, involving more than 7000 consumers from nations across Europe, reveals a continent-wide fear about the theft and illegal use of personal data, but also shows that many are often unsure about the value of their data, and what criminals might use it for.
While 59% of respondents to the Kaspersky Lab research acknowledge that companies can make money by selling their personal data to other parties, 50% do not know how much their data is worth, whether to those companies, or to criminals. As a result, their approaches to data security may be haphazard, making it all too easy for criminals to steal data and commit crime.
The fact is that data, even data that many people would consider innocuous, is routinely stolen and sold on the dark web, For example, stolen medical records, which sold for between $70 and $100 each in 2016, have now dropped in price simply because there are so many in circulation.
Additional research by Kaspersky Lab’s Global Research and Analysis Team has looked into the extent of this problem. Researchers found that criminals can sell someone’s complete digital life for less than $50; including data from stolen social media accounts, banking details, remote access to servers or desktops, and even data from popular services like Uber, Netflix, and Spotify, as well as gaming websites, dating apps, and porn websites which might store credit card information. Meanwhile, researchers found that the price paid for a single hacked account is lower, with most selling for about $1 per account, and with criminals offering up discounts for bulk-buying.
David Jacoby, Senior Security Researcher at Kaspersky Lab, said in his research:
“It’s quite mind-blowing, but you can basically sell someone’s complete digital life for less than $50. Most people aged between 15 and 35 have registered for over 20 different online services and maybe use only about 10 on a regular basis, making it easier for hackers to go unnoticed and make their money.”
The most common way criminals steal this sort of data in the first place is via spear phishing campaigns or by exploiting a web related security vulnerability in an application’s software. After a successful attack, the criminal gets password dumps which contain a combination of emails and passwords for the hacked services. And, with many people using the same password for several accounts, attackers might be able to use this information to access accounts on other platforms too.
Interestingly, some criminals selling data even provide their buyers with a lifetime warranty, so if one account stops working, the buyer will receive a new account for free.
Stolen Data: Valuable and versatile
Stolen data may have limited resale value, but is valuable in that it can also be put to many uses. This could cause huge problems for an individual victim, as they may lose their money and/or reputation, find themselves being chased for debt that somebody else has incurred in their name, or even suspected of a crime that somebody else has committed using their identity as cover. At the very least, they will have to spend time re-securing their accounts. But there may also be more widespread effects of data theft. For criminals tend to work together, and the money earned by selling data can be used to fund drugs, guns and various forms of organised crime. Stolen identities can be used to forge passports for trafficked people, or to commit many other types of crime.
We all have a duty to act. It is clear that data hacking is a major threat to us all, and this applies at both an individual and societal level because stolen data funds many social evils. Fortunately, there are steps we can take to prevent it, including by using cybersecurity software, and by being aware of how much data we are giving away for free – such as on publicly available social media profiles or to organisations.
As David Jacoby at Kaspersky Lab puts it,
“Data and identity theft are extremely commonplace events, if you do not act to protect yourself then it is very possible that you too will become a victim. Hackers do not just target businesses or celebrities; everybody’s data has a value and can be sold. What is more, the trade in stolen data funds some very serious crime indeed. We all have a duty to protect ourselves, to stop this dangerous and debilitating crime. Fortunately, there are steps we can take to prevent it, including by using cybersecurity software, and being aware of how much data we are giving away for free – particularly on publicly available social media profiles, or to organisations.”
People can avoid such risks by taking several easy security steps, which should become an integral part of any Internet user’s digital life:
To stay safe from phishing, always check that the link address and the sender’s email are genuine before clicking anything. A robust security solution will also warn you if you attempt to visit a phishing web page.
To avoid one data leak harming all your digital identities, never use the same password for several websites or services. To create strong, hack-proof passwords and remove the struggle of remembering them, use a specific password manager application, such as Kaspersky Password Manager.
To find out who has your personal data, use services such as PrivacyAudit.me that automatically search for a user’s data across a large number of sources (The Beta version is available in the UK, with a wider roll out planned for 2019).
To read the full report on the value of data on the black market, visit securelist.com