Facebook or Twitter accounts of millions of unsuspecting social media users could be hacked into and sold by cyber criminals for as little as £1 per account, the Sunday Telegraph has revealed.
Despite advancements made in cyber security technologies in the recent past coupled with the fact that firms are investing more in securing enterprise and customer data of late, every day we hear about a new data breach where hackers either exploit existing vulnerabilities in enterprise systems to gain access to data or employ phishing tactics to lure employees into revealing sensitive details.
Considering the number of data breaches occurring every year, cyber criminals across the world now have access to personally identifiable information of millions of citizens and are actively misusing such data or selling them to other cyber criminals for financial gain.
Facebook or Twitter accounts cost just £1 a piece
A Sunday Telegraph investigation recently revealed that Facebook or Twitter accounts of unsuspecting users are now being hacked into and traded between cyber criminals for as little as £1 per account. First, cyber criminals obtain such account details from recent data breaches, then use such information to log into accounts, change their passwords, and obtain additional details like contact lists, phone numbers, dates of birth and photos.
Using this operation, cyber criminals are able to steal identities, use them to create or to share posts on social media that support certain political affiliations, and thereby create new social media trends and also peddle fake news in order to influence public opinion ahead of elections or referendums.
"You can buy 1,000 accounts and connect them all to each other, then drop a story into the internet relating to what you know the people you’re trying to reach respond to. You get the 1,000 accounts to all retweet that post. Suddenly you have a story which has 1,000 shares," an expert told the Sunday Telegraph.
Dark Web marketplaces still doing robust business
In the past couple of years, we have observed the presence of vast amounts of customer data being traded either on the Dark Web or on discreet hacker forums on the Internet. For example, a Russian hacker was found selling as many as 32 million Twitter usernames and passwords on the Dark Web in 2016 for 10 Bitcoins which was equivalent to £4,000 at that time.
According to data breach search engine LeakedSource, the database that was offered for sale contained nearly 33 million records including email addresses, usernames, visible passwords and sometimes second email addresses.
Last year, security firm Flashpoint revealed that stolen credentials for thousands of corporate remote access servers were put up for sale on Ultimate Anonymity Services, a Dark Web marketplace for as little as £2.28 apiece.
Ultimate Anonymity Services is a Dark Web marketplace where hackers and cyber criminals can shop for such credentials to gain the ability to spy on and steal sensitive data from corporate servers. A majority of stolen credentials that were offered for sale on the platform belonged to firms in China, Brazil, India, Spain, and Colombia.
Recently, security researchers at 4iQ also stumbled upon the world's largest breached credentials database on the Dark Web that contained as many as 1.4 billion clear text credentials that were obtained by hackers by conducting hundreds of cyber-attacks.
All passwords in the database were in clear text and none of them was encrypted, thereby signifying how easily hackers were able to obtain or steal passwords of millions of users in the past. The database included stolen credentials aggregated from dumps like Exploit.in and Anti Public, as well as 385 million new credential pairs and 318 million unique users.
'The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records,' says Julio Casal, founder of @4iQ.