“Digital” and “Data” were the two words heard loud and clear in 2020. Digital transformation drove data collection and subsequently gave rise to the flipside of this blessing: data theft. Cybercriminals had a gala time stealing data and then selling it on the darknet. While this gave sleepless nights to security teams and their respective CISOs and CIOs, cybercriminals made a fortune by selling the data for anywhere from as low as $0.002 to a few thousand dollars per record.
By Mihir Bagwe, Technical Writer, CISO MAG
So, let us look back at the biggest data sets of 2020 sold on the darknet that you might have missed.
Records Sold: 3.2 Million
Offer Price: $2,500
LiveAuctioneers is an online auction platform headquartered in the U.S. On July 11, 2020, it issued a press release stating, “An unauthorized third-party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19.” The security incident compromised 3.4 million user records from the database. The stolen data was being sold on the dark web for a total of $2,500.
As per LiveAuctioneers, the affected information included names, email and mailing addresses, phone numbers, and encrypted passwords. However, the cybercriminal selling this data claimed that the database included decrypted passwords and social media profiles of LiveAuctioneers’ users.
2. Dave Users Database
Records Sold: 7+ Million
Offer Price: $16,000
In July 2020, Dave, a digital banking and overdraft protection service provider, confirmed that a data breach incident compromised 7,516,625 of its user details. The leaked data included personally identifiable information (PII) like names, email IDs, birth dates, physical addresses, and phone numbers. The leaked information first surfaced when a cybercriminal put a sale advert on an underground forum called RAID. The sale of the entire database was offered for $16,000 (approximately $470 per record).
The ad was later removed, probably due to the successful sale of the leaked database. However, the same database later appeared on other forums, this time as a free download from a notorious threat actor named “ShinyHunters,” the same threat actor responsible for various other hacks and for publishing user records from Tokopedia, Unacademy, Wishbone, and many more.
3. Multiple MySQL Databases
Records Sold: 85,000+ Databases
Offer Price: $550 Per Database
Recently, in December 2020, a portal that is a part of a ransomware scheme was brought to light by a security researcher. It has reportedly been active since the beginning of 2020 and contains 85,000+ MySQL databases that are offered at a mere selling price of $550 per database.
According to ZDNet, cybercriminals have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind for server owners to get their data back. The initial ransom notes asked victims to contact the attackers via email; however, as the operation flourished, the attackers automated their database ransom scheme with the help of a web portal, first hosted online at sqldb.to and dbrestore.to, and then moved to an Onion address on the dark web.
Records Sold: 91 Million
Offer Price: $5,000
In May 2020, Indonesian e-commerce giant Tokopedia suffered a massive data breach after hackers leaked over 15 million of its user records. Threat actors put the details of 91 million Tokopedia users up for sale on the darknet for $5,000. According to Under the Breach, the leaked records contained names, emails, password hashes, and other personal information.
Tokopedia’s spokesperson, Nuraini Razak, confirmed the breach and claimed that the company had ensured the security of its users’ information. Razak clarified, however, that users’ financial details like credit/debit card numbers and e-wallet information were not affected in the breach.
5. Multiple Stolen Credentials
Records Sold: 15+ Billion
Offer Price: An Average of $70 Per Financial Credential and $10 Per Social Media and Other Services Credential
As per research from cybersecurity firm Digital Shadows, more than 15 billion stolen account credentials are being sold on the darknet, including 5 billion unique data sets, meaning that they have never been offered for sale more than once. The researchers spent a year and a half analyzing the tactics of the cybercriminals and found that the number of misappropriated credentials has risen by 300% since 2018. The researchers noted that accounts that allow infiltration of an organization's critical systems are auctioned and can fetch an average price of over $3,100; the most valuable one known was auctioned for $120,000.
About the Author
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features and technical blogs, and conducts interviews on the latest cybersecurity technologies and trends.