McAfee Labs: Dark Web Sells Credit Card Numbers For 55 Cents

[Batu69]

So it turns out you can now buy stolen passwords for the princely sum of just 55 cents.

That is according to a new report by Intel Security group, McAfee Labs who claim to have found login credentials and passwords on a video streaming website.

That’s right, for less than it costs to post a UK letter first class, you can now buy someone’s stolen credentials.

The report, named The Hidden Data Economy, published earlier this month, detailed an extensive investigation undertaken by McAfee Labs into the Dark Side of the internet and also the hidden world of buying and selling stolen personal and corporate digital information online.

One of the main concerns raised by the report is that contrary to popular belief:

‘There is no ‘hidden doorway into an underground marketplace for nefarious products…’

In fact, a previous report by McAfee highlighted just how easy it was to access the underground marketplace for cybercrime, by anyone with a web browser. Since that report was released in 2013, McAfee notes that that access has only gotten easier.

The report also highlights the concept of ‘data breach fatigue;’ the idea that the sheer number of hacks being reported by companies and government agencies is greeted by the public mostly with a shrug. The recent Ashley Madison.com hack being a rare exception because of the ‘sex’ angle.

McAfee’s summary of how much it costs to buy someone else’s financial data

McAfee Labs discovered that one stolen US credit card number could cost as little as 5-8 dollars. European card numbers retail for between 25-30 dollars. Buyers willing to pay a little more could also add to their basket and purchase an entire digital identity belonging to someone else. This typically includes full addresses, pin numbers, mother’s maiden names, and CVV2 numbers.

More worrying that the apparent ease with which the easily accessible hidden economy is growing, is McAfee’s reasoning that the:

‘Cybercrime industry may seem so far removed from everyday life that it is tempting to ignore the message.’

The report is alarmingly blunt in its conclusions, saying that the evidence found of ‘the hidden data economy…make the threat clear…[that]… purchase and rental of exploits and exploit kits…are fueling an enormous number of infections across the world. Cataloging the available offers is impossible because the field is growing at a tremendous rate.’

The solution, according to McAfee is that everyone needs to be more pro-active in the fight against both malware and other cyber threats. If people do not take sufficient care to look after their own online insecurities, ‘information from our digital lives may appear for resale to anyone with an Internet connection.’

Source

[Holmes]

Buying a stolen cred card is pointless as the owner is going to end up seeing fraudulent purchases and is going to cancel the card after a week or two and account credentials the owner unless the account was deliberately shared the original owner is going to find out request a new password and if that doesnt workk ends up calling technical support which then returns the account back to them taking it from you you get the credentials for one or two weeks a month if that and your going to lose it. I wouldnt waste my mmoney on the black market if I was a criminal.

[straycat19]

I use one use numbers, every purchase I make uses a different number and it is only good for that one purchase, won't work again even if I try to use it since the credit card company restricts it to one use. Every time I need a number I just log in to my account and get a new one to use, so they can steal all of them and they will never be able to use them. If your credit card company doesn't offer this then you should switch. Now retailers, instead of banks, can be held liable for credit card fraud caused by their failure to secure their data. I actually know small local companies who refuse to keep credit card data after the transaction is completed. All companies should be like that or at least offer the option to remove your data after the transaction completes.

[CODYQX4]

I use one use numbers, every purchase I make uses a different number and it is only good for that one purchase, won't work again even if I try to use it since the credit card company restricts it to one use. Every time I need a number I just log in to my account and get a new one to use, so they can steal all of them and they will never be able to use them. If your credit card company doesn't offer this then you should switch. Now retailers, instead of banks, can be held liable for credit card fraud caused by their failure to secure their data. I actually know small local companies who refuse to keep credit card data after the transaction is completed. All companies should be like that or at least offer the option to remove your data after the transaction completes.

I'd like to know why anyone that doesn't do recurring billing bothers to keep it? Maybe it works for online impulse buys?

But Target? Why would you store it, and then pay to secure and store it, and then fail to secure it, and then pay through the nose both in reputation and dollars. You have to walk in and swipe the card all the time anyway. Was it some stupid form of record keeping or a terrible way of purchase tracking? Was it worth it?

I think most businesses that take cards in person, should never bother to store them. For quick-click things like apps or some junk on Amazon, it makes sense. But if I'm going to drive to the nearest store, it's already a massive inconvenience and you saving my card can't reduce that inconvenience, just make life a living hell when YOU get hacked.

[davmil]

I use one use numbers, every purchase I make uses a different number and it is only good for that one purchase, won't work again even if I try to use it since the credit card company restricts it to one use. Every time I need a number I just log in to my account and get a new one to use, so they can steal all of them and they will never be able to use them. If your credit card company doesn't offer this then you should switch. Now retailers, instead of banks, can be held liable for credit card fraud caused by their failure to secure their data. I actually know small local companies who refuse to keep credit card data after the transaction is completed. All companies should be like that or at least offer the option to remove your data after the transaction completes.

I've never heard of this...interesting, but - how do you function this way? I might go out, buy gas, then groceries, then lunch, then something else all on my ccard on a typical day. Would I have to call each and every transaction?

Another thing one can do is get a card with a super low limit that they use for on-line stuff. I have a card where I lowered the limit to $300 since that covers most of my online stuff in case the number gets out. While I wouldn't be on the hook for stuff I didn't authorize in any case, this helps protect against cleaning up the damage that they breach may cause.