Leaked Data Now Going to the Highest Bidder
An underground market has sprung up that allows hackers to sell other types of information to those who are willing to pay. In other words, all that data that is stolen or leaked is now going to the highest bidder.
Join the DZone community and get the full member experience.Join For Free
In recent years, many Internet users have become increasingly worried over the rise in cyber attacks and data leaks. Considering the amount of sensitive information most people are willing to put online, this worry is more than justified. Hackers are also always changing up their tactics, staying one step ahead of security efforts. Even more frightening is that with recent events, many hackers now have added financial incentive to increase their attacks. It was once thought the only way hackers could get some monetary value out of their attacks would be to steal bank account numbers or credit card information. But now an underground market has sprung up that allows hackers to sell other types of information to those who are willing to pay. In other words, all that data that is stolen or leaked is now going to the highest bidder.
Let’s look at several such incidents that have only cropped up in recent months. One hacker made waves by putting up for sale the account records of more than 160 million LinkedIn users. While this isn’t the information of every single LinkedIn user, it does represent a substantial portion of their more than 430 million user base. The data included in the attempted sale contains email addresses, user IDs, and even password hashes. There’s still no word where this data breach originated, but many experts believe it may come from a breach that LinkedIn experience back in 2012. That breach only had 6.5 million users’ information leaked, but some experts claim the breach may have been far more extensive than first thought. For now, the hacker selling this data wants $2,200 for the information.
The LinkedIn leak follows a similar pattern of other hackers selling account information. One hacker was able to gain access to the email addresses and passwords of more than 65 million Tumblr users. That data was first leaked back in 2013, but only recently has it gone onto the dark market, though, this time, the hacker is only asking $225 for it. It is believed that this is the same cyber attacker as the LinkedIn leak. In fact, the same person behind it all has also put stolen MySpace passwords up for sale, this time wanting $2,800 for them. The number of emails and passwords in this MySpace leak is up to 360 million in total and may be one of the largest incidents of data theft in history.
A Russian hacker is also getting in on the action. Recent reports indicate that the hacker was able to steal the usernames and passwords of nearly 33 million Twitter users. While that’s only a fraction of all Twitter users, a number of high-profile celebrity accounts were also hacked, meaning that information is now being put up for sale. The hacker is asking for more than $5,700 for the data, which many say is connected to the MySpace, LinkedIn, and Tumblr leaks mentioned above. Twitter itself says that the company has not been hacked, and this is more of a situation of hackers taking passwords and usernames from the LinkedIn leak and trying them on Twitter accounts to see what matches.
There are some who may wonder why there should be so much cause for alarm regarding these leaks. They may think the worst a hacker can do with that information is take over a Twitter account for example, and while that would be an annoyance, it’s hardly going to ruin the user. The main problem comes from several bad habits that online users tend to practice. The most serious problem comes from people who use the same password for multiple accounts. That seems to be how the Russian hacker was able to gain access to Twitter accounts. By using password information leaked from other hackers, he or she could then find ways to get into Twitter profiles. Now imagine if those passwords were used for accounts that had far more sensitive information attached to them, like for online banking or insurance profiles. That’s why so many security experts tell people to use a different password for each online account, and why these data leaks should not be taken lightly.
Hopefully, security measures and tools like Netflow will continue to find ways to combat these hackers. As big data challenges are overcome, better techniques will be developed. For the time being, however, online users shouldn’t take their information for granted. Hackers have a lot to gain from stealing their personal data.
Opinions expressed by DZone contributors are their own.