Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Stolen Identity Goes For $20 On the Internet Black Market

Posted by timothy on from the remember-it's-your-data-not-actually-your-identity dept.

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."

5 of 57 comments (clear)

  1. My mother's maiden name is Hero by Anonymous Coward · · Score: 5, Funny

    Sadly, I married and took the last name Coward.

  2. How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

    It makes you wonder how many of these "hackers" are just LifeLock employees or other people in trusted positions who just took the data home with them?

    (I remember my first job in healthcare. At 19 - pre-HIPAA - I used to browse the medical records of friends, family and famous people on the hospital network when I was bored and alone at work, and it occurred to me once how easy it would be to just save the "best" ones to a floppy each night.)

    1. Re:How many LifeLock employees? by Anonymous Coward · · Score: 4, Interesting

      I used to work for a large card processor back in the 90's. Our call centers were staffed with temp employees as CSA's, which provided a way for gangs to infiltrate the company so that they could get customer personal info, purchase history and lots of other financial info. I remember one time while working on the call center floor when some men from the company's security division along with six cops rounded up 5 members of one of these gangs and hauled them off in hand cuffs. Given how porous that networks have been during the last 10-15 years I doubt they even bother trying to get people on the inside anymore.

    2. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

      >> It wasn't unethical when he did it.

      Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

  3. Re:Are there lists? by xxxJonBoyxxx · · Score: 5, Funny

    >> Are there lists of compromised identities? I'd like to see if I'm on it.

    Sure, just post your name, social security number, credit card number and PIN here and we'll look it up.