Darknet database prices almost halve: Mass leaks to blame

December 28, 2022  16:12

Mass data leaks in 2022 led to a drop in prices for databases on the darknet. According to Kommersant, the databases, which do not contain financial and other sensitive information, this year have fallen in price by almost two times. However, databases with more hard-to-find information rose in price.

According to statistics from Positive Technologies, a 'regular' database might cost $200-250 in 2021, and in 2022 they won't pay more than $100-150 for it. But according to DLBI data, databases containing information that fraudsters want (information on bank accounts, business correspondence, etc.) have risen in price by about 100%. It has affected the fact that the databases with such information is put up for sale less frequently.

The most valuable data

According to the InfoWatch group, in 2022, the most expensive databases are those leaked by company employees. Moreover, their price on Darknet can increase as they change hands.

Often the seller, such as a bank manager, gets no more than 30% of the price of the sold package, while intermediaries can earn more, said Andrei Arsentiev, head of analysis and special projects at InfoWatch Group.

According to Threat Intelligence Group-IB, 140 database leaks happened this summer alone. During one of such incidents databases of 75 Russian companies were published on the Internet. The list of victims included Internet delivery services, transport, construction and medical companies, online movie theaters, communication operators and others. A total of 304 million lines of data were made public during the incident.

CRM-systems under the gun

According to Nikolai Chursin, an analyst with Positive Technologies' Threat Analysis Group, there has been a recent demand for access to companies' CRM (customer relationship management system) systems, in which criminals can obtain information about organizations' employees and customers from the source themselves.

"This leads to a narrow circle of attackers having access to relevant and reliable user data. And this data could be sold at an extremely high price, and used in targeted social engineering attacks on wealthy citizens, key employees of organizations and government agencies," he said.

Major leaks

Unknown criminals recently stole data from more than 5.4 million Twitter accounts and published it on a hacking forum. The stolen data had non-public information, including personal phone numbers and email addresses.

But that wasn't the only Twitter leak. An unknown hacker posted the data of 400 million Twitter users on a forum and blackmailed the social network's owner, Elon Musk, by suggesting that he urgently buy the data to avoid lawsuits and fines before someone else buys it. Independent information security experts confirmed the authenticity of the leaked data.

Over the past year, Meta Platforms Corp. has fired or punished more than two dozen employees and contractors accused of giving criminals unauthorized access to Facebook and Instagram user accounts –  in some cases in exchange for bribes worth thousands of dollars.

One in 3 Internet users (33%) have been a victim of identity theft, according to research firm Thales. In 82% of cases, data theft had a negative impact on people's lives.


 
 
 
 
  • Archive