Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Stolen Identity Goes For $20 On the Internet Black Market

Posted by timothy on from the remember-it's-your-data-not-actually-your-identity dept.

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."

13 of 57 comments (clear)

  1. My mother's maiden name is Hero by Anonymous Coward · · Score: 5, Funny

    Sadly, I married and took the last name Coward.

  2. So, how much to buy a better life? by NotDrWho · · Score: 2

    My current identity sucks ass.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:So, how much to buy a better life? by Demonoid-Penguin · · Score: 3, Insightful

      My current identity sucks ass.

      So? Stop whining, scrape up $20 and buy a better one.

      $100 will get you one with 500 Fffacebook friends and 1000 Twitter followers.

      $1000 will get you one with no Ffffacebook friends or Twitter followers.

      For $5 you could be Depak Chopra.

  3. How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

    It makes you wonder how many of these "hackers" are just LifeLock employees or other people in trusted positions who just took the data home with them?

    (I remember my first job in healthcare. At 19 - pre-HIPAA - I used to browse the medical records of friends, family and famous people on the hospital network when I was bored and alone at work, and it occurred to me once how easy it would be to just save the "best" ones to a floppy each night.)

    1. Re:How many LifeLock employees? by bobbied · · Score: 2

      These days if you tried that they'd be hauling your butt off to jail. This HIPPA thing make this a serious liability and hospitals and doctors have got nuts about it, so much that I cannot even make a doctor's appointment for my wife anymore, unless she's signed their form that says I can....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:How many LifeLock employees? by Anonymous Coward · · Score: 4, Interesting

      I used to work for a large card processor back in the 90's. Our call centers were staffed with temp employees as CSA's, which provided a way for gangs to infiltrate the company so that they could get customer personal info, purchase history and lots of other financial info. I remember one time while working on the call center floor when some men from the company's security division along with six cops rounded up 5 members of one of these gangs and hauled them off in hand cuffs. Given how porous that networks have been during the last 10-15 years I doubt they even bother trying to get people on the inside anymore.

    3. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 3, Interesting

      >> you're now on record for doing one of the most unethical things imaginable?

      Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

      I'd expect that it's the teenagers who are currently making racist comments on their Facebook feeds that can expect a lifetime of career-aborting revelations.

    4. Re:How many LifeLock employees? by alexhs · · Score: 2

      Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

      I expected a mention about causing the death of thousands of people abroad, but apparently there's nothing worse than intoxicating oneself, having sex between consenting adults, and not being a vegetarian.

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    5. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

      >> It wasn't unethical when he did it.

      Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

  4. Re:Are there lists? by xxxJonBoyxxx · · Score: 5, Funny

    >> Are there lists of compromised identities? I'd like to see if I'm on it.

    Sure, just post your name, social security number, credit card number and PIN here and we'll look it up.

  5. Re:Joke's on You! by Jamu · · Score: 2

    Maybe you could buy slashdot.

    --
    Who ordered that?
  6. Re:Joke's on You! by CimmerianX · · Score: 3, Funny

    Yours must be one of the accounts that goes for $1.40.

  7. ID theft is the fault of lenders, credit bureaus by PeterM+from+Berkeley · · Score: 2

    Your zeal is misplaced. ID theft wouldn't be an issue if LENDERS WERE NOT LAZY ASSHOLES.

        Why should YOU be on the hook for clearing yourself if some LENDER lends "you" money, without actually bothering to really find out it is YOU, and then goes after YOU when it was "you" who actually got the money.

        Seems like the lender didn't do due diligence to me! Same thing with credit bureaus, they accept gossip about YOU and repeat it when it was "you", not YOU who actually did the actions.

        And somehow YOU are the victim?

        Legislation needs to be issued forthwith forbidding ANY lender from putting ANYTHING derogatory in your credit report unless they can PROVE whatever they have a problem with was done by you and no one else. Also, lenders should NOT be able to attempt to collect from a person unless they can prove that self-same person is the person they gave their money to.

    ID theft would largely be a thing of the past.

    --PM