Next time you sign up for a new website and it asks for a password, or your favourite social media site nags you for a phone number, or a site you use every day pesters you to set up two-factor authentication, take a pause.
What’s going through your mind?
Are you getting ready to jump at the chance to tighten up your security? Itching to drum up another impenetrable 14-character password? Reaching for your password manager? Pulling out your phone ready to read the soon-to-arrive verification code?
Hey, you’re a Naked Security reader so perhaps you are.
But what about the next person? Many of them won’t be doing any of those things. They’ll pass up 2FA and stick with their go-to password of 123456 or qwerty, even though they know what a strong password looks like.
They’ll do it and stay safe, in their own mind at least, because Elliot Alderson and his ilk aren’t interested in their Netflix account.
Hackers in popular culture are ideological, FBI-dodging cyber-swordsmen who penetrate the armour of sophisticated adversaries using precise rapier thrusts.
The problem (of course) is that real life is messy, dull and rarely telegenic. In the real world we have to worry about real criminals who aren’t carrying rapiers and aren’t interested in kudos or ideology.
The adversaries we have to worry about when we’re choosing our Twitter or eBay passwords are in it for the money and their approach isn’t so much cyber-fencing as carpet bombing – it’s untargeted and it doesn’t matter who gets hit because it’s “how many?” that matters.
Our accounts aren’t compromised one by one, they’re cracked en masse or exfiltrated in the millions and then bought and sold online.
According to account monitoring company LogDog, who recently took a fresh look at this burgeoning part of the underground economy, it’s such a lucrative trade that there are Dark Web sites selling nothing but logins, not even credit cards.
> There are now stores completely dedicated to selling only online accounts, without even offering credit cards for sale. Fraudsters, it appears, have discovered the financial potential in targeting various online services instead of just banks and credit card issuers.
As you’d expect in any marketplace, prices fluctuate based on supply and demand, and the value that criminals can extract from the accounts they buy. But everything has a price:
> While Paypal has, and still dominates … it is now possible to find Amazon, Uber, eBay, Netflix, Twitter, Dell and many more … Any account that can generate fraudsters money, or even help them receive a service for free, has a demand in the cyber underground.
>
> …Uber, for example, are sought after by fraudsters simply because they provide “free taxi rides”. Demand for adult entertainment accounts is high due to interest for self consumption.
>
> …eBay and Amazon are sought after … to steal money or credits from these accounts … Compromised dating site accounts are also often exploited for romance scams.
And here, according to LogDog’s research, is what your account is currently worth on the Dark Web:
| Service | Min. Price | Max. Price |
|---|---|---|
| Brazzers | $1 | |
| Yahoo | 70c | $1.20 |
| Gmail | 70c | $1.20 |
| Dell | 80c | $2 |
| Uber | $1 | $2 |
| Netflix | $1 | $2 |
| Walmart | $2.50 | |
| | 10c | $3 |
| Mate1 Premium | $4 | |
| Amazon | 70c | $6 |
| Ebay | $2 | $10 |
| eHarmony | $10 | |
| PayPal | $1 | $80 |
“querty” would likely be a notch or two down from the top of the 100-worst-passwds list
Sorry Mark; had to say it.
🙂
I changed it to “qwerty” 🙂
Interesting article, however, two misspelled words. Armour should be armor. Favourite should be favorite. Just so you know.
Naked Security’s house style is to stick to the spelling and usage that each author would use unexceptionably at home.
So those writers from countries where British English is the norm, such as Australia, the UK and South Africa, get to be organised, to retain the final -e that Noah Webster chopped off the end of the word axe, to refer to the season in which the leaves fall from the trees as autumn, and to refuel their cars with petrol.
Similarly, those of our writers from American English countries have the honor to write about the center of the curb, to assume that hockey involves ice without explicitly saying so, and to have gotten used to the fact that restrooms aren’t for taking naps.
As I suspect you figured out all along.
I’d always gots purdy good grammaticals, but it’s interesting to note how often I still learn. I’ve always preferred the word “axe” in its three-lettered form, unaware that it’s a Britishism (or rather I suppose that our dropping “e” is an Americanism). I lean eastward preferring “grey” to “gray” but don’t typically look under my bonnet to check oil, nor do I properly pressurise the tyres on my lorrie.
Language is still fun, and I’m such a nerd…
Cheers to all NS writers and readers, irrespective of upon which side of which pond they reside! *
* Apologies to Winston Churchill
You serious dude? You realize that the English way to spell it is Armour and Favourite. Kind of like how we also spell it Colour.
Interesting article. However, misspelled words, favourite should be favorite, armour should be armor. Armour is the French word for love. Just saying.
Languages are full of examples where the word X in one language means something different (perhaps even rude!) in another. But that doesn’t change its meaning in the first language. For example, the English word “mist” means “manure” in German. But we can still use it to describe a prevalent English weather condition akin to fog. (No jokes about the English weather actually being a heap of manure, please.)
Of course, the French word for “love” isn’t “armour,” it’s “liefde.” And, because this is an entirely unrelated but cool thing to know, like this whole thread so far, the Afrikaans word for “orange” is “lemoen.”
Actually the French word for love is amour.
English spellings – favourite, armour and colour. Amour is the French word for love.
I think people should concentrate on reading and thanking rather than being grammar or spelling nazis. Kinda, kills the point for the author, in my view 🙂
Grow up folks!
Upvoted because you’re right. But please hear a Nazi out…
This article for whatever reason has garnered an order of magnitude more than its fair share of dissent over British/US spelling discrepancy, which I assumed is fairly standard knowledge, given the Interwebs and all. But it did yield some interesting discussion unrelated to the article.
I genrally posess a higtened atention to detail**, so a misspelled word can be highly distractive to me–to the point of detracting from the material. Around here corrections are generally offered with an earnest, helpful tone–and graciously received as such. Every author wants the article to be great. 🙂
** However we all make mistakes: yesterday I misread “decompress” as “decrypt” and wrote a five-minute rant which wound up being 70% wrong, based on an ocular Mondegreen (here’s where I hope Mark or Duck will step in and offer the true term), and I likely wouldn’t even have written the remaining correct content had the initial misunderstanding not lit (lighted?) my fuse. Let’s call it a speed-reading accident.
As a near-aside, re: Sheila’s comment
“Armour is the French word for love. Just saying”
I interpreted this as an intentional, trolling play on words, though it could be otherwise.