Recently, we have heard about various data breaches concerning LinkedIn, Facebook and other social platforms. But this is not new. In fact, hackers have been stealing users data from the very beginning. But if previously, they have been using the stolen data for their own purposes and dark deeds, now, it’s a good business.
A few days ago, Misha Ketchell, a cybersecurity researcher published an interesting article, in which he is talking about stolen data and what it costs.
Why Do Hackers Steal Users Data?
In fact, there are several reasons why data breaches happen. Moreover, hackers have various purposes. The fate of stolen data depends on who is behind. For example, in 2014, North Korean hackers stole Sony Pictures Entertainment employee data. The latter included tons of valuable information such as Social Security numbers, financial records and salary information. Later, the hackers published the emails to embarrass the company, possibly in retribution for releasing a comedy about a plot to assassinate North Korea’s leader, Kim Jong Un.
When there is a data breach, often, it’s for espionage. For example, in 2018, Hotel Marriott’s system was hacked and information about 500 million guests was stolen. At that time, it became known that hackers were from China. So there was every reason to think this data as part of an intelligence-gathering effort to collect information about U.S. government officials and corporate executives.
Generally, It’s About Money
Though there could be many cases that are not related to money, in general, hackers steal data to sell on the dark web. It turns out 86% of data breach cases are about money; 55% of those cases are organized by criminal groups.
There are special “markets”, where “anyone” can buy “any set of data” for a corresponding price. Rescator is one of those places. The latter and the likes can be found via a simple Google search. But most of the dark web markets require special browsers.
Interestingly, buyers pay via bitcoins or Western Union. The prices vary a lot, depending on data type. Say, email addresses (from a hundred thousand to a couple of million) go for $10.
Who Is Using Stolen Data?
The most popular reason for buying users data is to create clone cards for making fraudulent transactions or applying for loans or credit cards under the victim’s name. Another option, marketing firms buy personal information to run various ad campaigns. Stolen emails can be also used in phishing and other social engineering attacks.
How To Check Whether Your Personal Data Is Sold
Just visit websites such as haveibeenpwned and IntelligenceX to see whether your email was part of stolen data. If you find out that your data is offered on any platform, inform credit reporting agencies and other organizations that collect data about you; change your passwords; and take some other precautionary measures.