A survey more than 7000 consumers across Europe found a wide fear about the theft and illegal use of personal data, but also that many are often unsure about the value of their data, and what criminals might use it for, according to the IT security firm Kaspersky Lab.
While most, 59pc of respondents acknowledged that companies can make money by selling their personal data to other parties, half do not know how much their data is worth, whether to those companies, or to criminals. As a result, their approaches to data security may be haphazard, making it all too easy for criminals to steal data and commit crime, the cyber firm says. The fact is that data, even data that many people would consider innocuous, is routinely stolen and sold on the dark web, For example, stolen medical records, which sold for between $70 and $100 each in 2016, have now dropped in price simply because there are so many in circulation.
Kaspersky Lab’s Global Research and Analysis Team found that criminals can sell someone’s complete digital life for less than $50; including data from stolen social media accounts, banking details, remote access to servers or desktops, and even data from services like Uber, Netflix, and Spotify, plus gaming websites, dating apps, and porn websites which might store credit card data. Meanwhile, the price paid for a single hacked account is lower, with most selling for about $1 per account, and with criminals offering up discounts for bulk-buying.
David Jacoby, Senior Security Researcher at Kaspersky Lab, said: “It’s quite mind-blowing, but you can basically sell someone’s complete digital life for less than $50. Most people aged between 15 and 35 have registered for over 20 different online services and maybe use only about ten on a regular basis, making it easier for hackers to go unnoticed and make their money.”
The most common way criminals steal this sort of data in the first place is via spear phishing campaigns or by exploiting a web related security vulnerability in an application’s software. After a successful attack, the criminal gets password dumps which contain a combination of emails and passwords for the hacked services. And, with many people using the same password for several accounts, attackers might be able to use this information to access accounts on other platforms too.
Some criminals selling data even provide their buyers with a lifetime warranty, so if one account stops working, the buyer will receive a new account for free.
Stolen data may have limited resale value, but can be put to uses. This could cause problems for a victim, as they may lose their money and/or reputation, find themselves being chased for debt that somebody else has incurred in their name, or even suspected of a crime that somebody else has committed using their identity as cover. At the very least, they will have to spend time re-securing their accounts. But there may also be more widespread effects, the cyber firm suggests. For criminals tend to work together, and the money earned by selling data can be used to fund drugs, guns and various forms of organised crime. Stolen identities can be used to forge passports for trafficked people, or to commit many other types of crime.
David Jacoby, pictured, was among the speakers at the Kaspersky Next conference in Barcelona. He says: “Data and identity theft are extremely commonplace events, if you do not act to protect yourself then it is very possible that you too will become a victim. Hackers do not just target businesses or celebrities; everybody’s data has a value and can be sold. What is more, the trade in stolen data funds some very serious crime indeed. We all have a duty to protect ourselves, to stop this dangerous and debilitating crime. Fortunately, there are steps we can take to prevent it, including by using cybersecurity software, and being aware of how much data we are giving away for free – particularly on publicly available social media profiles, or to organisations.”
