Serial data leaks and the laxity of tech giants in cybersecurity have lost all notions of confidentiality. In fact, a lot of information is no longer worth much, while others are still highly sought after by hackers.
235 million email addresses linked to a Twitter account were sold for less than 2 euros on a hacker forum on January 4, 2023. Can we still say that our information is still worth something, when our identifiers leak several times a year? ? If the data was obviously not intended to be an exchangeable good, the fact that it is offered free of charge on forums proves that it is far too easily accessible. Social networks, data exchanges for advertisers, the multiplication of accounts on the web, the laxity of all these companies for security have quite simply made certain information lose all notion of privacy. We managed to find our email as well as the password on a hacker forum at Numerama.
” A phone number, an email address, this data has little value, firstly because social networks sell it themselves for advertising targeting. Market giants must pay fines of hundreds of millions almost annually for the lack of protection of the information entrusted to them “, explains Damien Frey, France director of Varonis, a cybersecurity software company.
Daily Dark Web, a team of dark net specialists present on the networks, regularly compiles leaks to establish price estimates on forums frequented by hackers. Thus, a fresh — and not recycled — list of 10 million email addresses is generally sold for around 100 euros. Once sold, its price drops until it is free after the file in question has been exchanged too much between the criminals. From there, giving our phone number or our email address on the street to a stranger will have no more consequences.
Hackers looking for sensitive information
The market has therefore adapted to this overabundance of data. ” The email or phone number is easily accessible. The hacker will then look for additional details. He will see if you or your colleagues have traveled recently, or if you have any hobbies. With this information in hand, he will be able to give context and legitimize his phishing message. We see it more and more often in the fraudulent emails received by our customers’ employees. “says Romain Basset, Director of Customer Services at Vade, a company specializing in threat detection.
” Passwords remain very interesting, for example. From a single leak, the criminal will try to connect to all the other possible accounts since Internet users regularly reuse the same combination he adds. For example, some business databases — such as employee IDs — are sold for tens of thousands of dollars, as the attacker can easily monetize the attack by hitting the company with ransomware in the process.
The price of a piece of data naturally varies according to its degree of confidentiality. Ransomware attacks, the most profitable method for hackers today, allow first to demand a ransom from the victim, but also to resell the information in case of refusal. ” It is no longer so much the volume that worries the experts, but the sensitivity of the file online. The numerous attacks against hospitals show that there is now an interest in stealing health information, in addition to the panic caused by the paralysis of an establishment of this type. The health reports of a top athlete or politician can be of interest to many people “says Damien Frey.
Bank details are also a sought-after asset. The number of a card with the CCV code on the back is sold between 15 euros and 25 euros depending on the bank and the country, estimates Daily Dark Web. ” Victims of a banking information leak have noticed purchases of 49.85 euros on their account. Surely to avoid exceeding a threshold from which the establishment must warn the user “says Damien Frey.
As for passports and identity cards, a simple photo of these documents can be worth between 2 and 5 euros. Generally, criminals can use it to create false identities and open accounts, sometimes with online banks. We had spoken with a hacker who offered to sell 1,500 documents of French citizens, for around 3,000 euros.
Also note that if our email address and phone number are not worth much, they may still be of interest to spammers. ” We are witnessing misappropriation of marketing software used by companies on behalf of people who drown you in emails. Concretely, these programs make it possible to detect the people and profiles that are most likely to open the message and click on the link. They can then earn revenue from targeting, interaction and ads sent », explains Romain Basset de Vade. You are therefore doomed to receive offers and scams on a daily basis. Just avoid clicking on it.
