Cybersecurity experts with STEALTHbits, VASCO Data Security and NuData Security commented below on the recent Dark Web Market Price Index published by VPN ratings service Top10VPN.com’s consumer site “Privacy Central.” The index puts the price of a full online identity at $1,170, while hacked Uber, Airbnb and Netflix accounts go for $10 each, and hacked Grubhub, Walmart and Costco accounts go for between $5 and $10 each.
Ryan Wilk, Vice President of Customer Success at NuData Security:
“Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising that each account, each type of data, or the whole package are sold online as if they were a pair of sneakers. Fraudsters work hard to get that information, and by reselling it, they are increasing its value, just like any other industry would do.”
“To fight this wave of exposed data, many forward-thinking retailers and other major organizations are adopting a multi-layered approach to verifying their users online – such as passive biometrics and behavioral analytics. This approach makes online accounts more secure as they can’t be accessed by bad actors, even if they present the right credentials.
Because these technologies don’t rely on static data, they are devaluing it and, ultimately, they can affect the value of stolen data on the dark market.”
“This approach to online verification that uses behavioral data signals to verify a user is allowing companies to avoid account takeover with stolen credentials and focus on their good customers.”
“This report is a good reminder of the importance of having a multi-layered security and also underscores that fraudsters are highly evolved and sophisticated criminal enterprises.”
“The key take-away from this report is that cybercriminals understand the business of monetizing stolen data along with the related level of effort and ROI. The level of sophistication is increasing rapidly. Phishing emails were once riddled with spelling errors and pop-ups that easily flagged them as un-professional and suspicious; This is no longer the case as even security aware individuals are falling prey to more “polished” schemes. Also, the volume of breached data, and number of individuals effected, means individuals should assume their personal information is exposed and proactively check credit reports and, for the strongest defensive measure, freeze credit with all the major credit bureaus. Lastly, consumers should take advantage of multi-factor authentication security when available and businesses should prioritize efforts to deploy this strong security.”
“People are often scared of bad guys getting their credit card numbers. The truth is that a small bit of awareness can protect you from nearly any credit card fraud. Most of the risk is actually on your credit card provider – as long as you monitor your bills and raise your hand when there is suspicious activity. If you use one of the higher end cards, they will do that for you. And you can also hook your credit cards up to services like Apple, Google, or Samsung payments and get alerts for each charge to ensure you see something off color right away.
“The bigger risk in these data black markets is the deadly combination of leaked passwords and lazy users. If someone gets your email password from a black market and you have never changed it, then they can use that “forgot your password” link on the credit card website to take over your account without ever paying a dime for your credit card number. Same for your bank account, Netflix, and just about everything else you use online that’s linked to your email. The bad guys who are really dangerous know that. Luckily, bad guys are about as lazy as the average person – because they are just people, too.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.