Study Finds Hundreds of Stolen Data Dumps

Steve writes "SecurityFix reports that a group of researchers from Germany published a study in which they analyzed several hundred so-called 'drop zones,' i.e. anonymous collection points of illicitly collected data stolen with the help of keyloggers. 'Their findings, which drew from stolen data harvested from these drop zones between April and October 2008, were staggering: 33 gigabytes worth of purloined data from more than 170,000 victims. Included in those troves were more than 10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials. [...] Using figures from Symantec's 2007 study on the prices that these credentials can fetch at e-crime bazaars, the researchers estimate that a single cyber crook using one of these kits could make a tidy daily income. The full report [PDF] contains some more interesting details.'"

Re:How are they storing this data?

[Ihmhi]

Profile pages could have just been saved wholesale rather than text files?

Or perhaps it's all in a huge database with a searchable index.

Re:Yep. We're vulnerable.

[HAKdragon]

It's been my experience that in the US, the number will stay the same, but the 3 digit validation number will change, as will the expiration date - both of which are needed for doing online transactions.

Re:Yep. We're vulnerable.

[xaxa]

the unlucky person who got the telephone number 01234567890

That's a real telephone number in the UK. It would be allocated to someone in/near Bedford (01234). Possibly this private hospital (which is in Essex, but the company office given at the bottom of the screen is in Bedford).