Data breaches, stolen data and their sale in the Dark Web

Trend Micro published a report that explains the dynamics triggered by data breaches, following data from the incidents to their offer in the Dark Web.

Stolen data is a precious commodity in the criminal ecosystem, and in particular in the Deep Web. The large number of data breaches that security firms discover is feeding the underground market with an impressive amount of user data.

Consider the recent attacks suffered by Ashley Madison, OPM and Hacking Team, which impacted millions of users; their accounts and intellectual property were compromised by ever more sophisticated hacks.

As usual, the experts at Trend Micro are a source of inspiration for me; like me, they constantly monitor the evolution of the criminal underground, giving us an interesting point of view on the activities of the principal crime rings.

The latest report, entitled “Follow the Data: Dissecting Data Breaches and Debunking the Myths”, focuses on data breaches and the dynamics triggered by such events.

The experts integrated their analysis with data from the Privacy Rights Clearinghouse (PRC)’s Data Breaches database and found that hacking or malware accounted for 25 percent of data breaches in Q1 2015. Other causes are insiders, physical skimming devices and the loss or theft of devices (e.g. mobile devices, flash drives).

Data breaches are complex phenomena to analyze: it is not easy to promptly discover the root causes, nor to predict the medium- and long-term effects on the victims.

Some data breaches are caused intentionally by threat actors; others are the result of an unintended disclosure, typically personnel mistakes or negligence.

The statistics on data breaches confirm that the number of incidents that exposed credit and debit card data has increased 169% in the past five years. It is interesting to note that the value of information in the underground market is changing rapidly: while the prices for credit and debit card, bank account, and personally identifiable information (PII) are dropping due to oversupply, the value of compromised Uber, online gaming and PayPal accounts is rising. PII is the data most likely to be stolen, followed by financial data.

Analyzing the data breaches per industry, it is possible to note that healthcare is the most affected by data breaches, followed by government and retail.

The report follows the entire life cycle of the data breaches, from the intrusion to the offer of the stolen data on the Dark Web.

The researchers investigated the prices of commodities in the black markets hosted on the Tor network: US accounts of mobile operators can be purchased for as little as $14 each, but the underground offers much more, including Amazon, eBay, Facebook, PayPal, Netflix, and Uber accounts.

The offer is very diverse, and multiple factors contribute to the final price of the commodity; for example, PayPal and eBay accounts that have a few months or years of transaction history go up to $300 each.

Bank accounts are offered for a price ranging from $200 to $500 per account, depending on the balance and the account history.

As anticipated, the disconcerting finding of the research relates to the value of personally identifiable information (full address, date of birth, Social Security number, and other PII): each record is sold for $1.

As already noted in other reports, document scans of passports, driver’s licenses and utility bills are becoming ever more popular; many sellers in the black markets also include this kind of information in their offers, which could dramatically improve the efficiency of fraud schemes.

Document scans are available for purchase from $10 to $35 per document.

I don’t want to tell you more. Enjoy the report!

Pierluigi Paganini

(Security Affairs – Deep Web, Data Breaches)
