Have you ever wondered what your data is worth on the dark web? Recently, RSA went undercover in the dark web to find out just how pervasive “dump” selling was and what your information is worth.
RSA and Fox Business News Report found the following:
- Instant Messaging ($1-$5)
- Emails ($1-$3)
- Dating Sites ($1-$10)
- Social Media Websites ($3)
- Financial Services ($7-$10.50)
- Online Money Transfer Services ($0.0-$15.50)
- Bank Accounts ($3-$24)
- Credit Card Websites ($3-$5)
- Accounts from Recent Breach ($1)
- Airlines ($3-$10.50)
- Hospitality Services ($0.7-$1.50)
The scariest part of these findings is that dating accounts have quickly become the third & fourth most valuable type of account to resell on the dark web. The reason? It provides the attacker with enhanced knowledge giving them the ability to generate a ‘Synthetic’ Identity. They glean intimate personal details about your life to create a new physical and virtual you in order gain credit, buy property, and obtain enough knowledge to take over your existing accounts by answering deeper security questions such as, “What was your first car?”, “What’s your dad’s middle name?”, or “Who was your favorite teacher in high school?”
So why do businesses & organizations care about this new trend?
Many organizations deploy technologies that are based on the same “Personal Question” methodology. An attacker who knows the answers to these questions can gain access to password reset mechanisms. Likewise, employees often use similar passwords across work and personal sites. More cases are being seen involving blackmail and corporate espionage – when people feel subject to embarrassment or criticism over information they posted on a dating site or social media outlet, they are more susceptible to do unnatural things to keep that information private.
How are you protecting not only your networks and Intellectual Property, but how are you educating your users and protecting them?
Be Vigilant, Stay Aware!
Christian Rolland, BVP, CCDP, CCNP+S, CCNP+R&S
Sr. Practice Director, Enterprise Networking