Ontrack | Data Protection | Identity Theft | Ontrack blog

The Black Market for Data

If the right kind of personal data - credit card numbers, email addresses, online credentials, or bank account information - falls into the wrong hands, you can be sure criminals will use that data for their personal gain or sell it on the black market, where buyers and sellers anonymously deal in stolen or illegal goods and services.

On the darknet, the secret and hidden part of the Internet, everything from weapons and drugs to money laundering and credit card information can be bought and sold. For example, a complete set of all the credit card data - name, payment card number, expiration date, social security number, date of birth and the CVV number (the three-digit security code on the back of the credit card), currently costs between $30 and $45 in the U.S. and Europe.  Credit card dumps, the copying of information that is on the magnetic strip of the card, have selling prices between $200 and $300. They can then use this information to copy it onto credit card blanks, turning the fake cards into real ones.

Online account data

The personal information from your Amazon or eBay account, for example, are in high demand on the black market – as well as access data from video streaming services, like Netflix.  You can get a Netflix account as a bargain offer for as low as 50 cents on the dark web.

Phone apps – free isn’t always free

Funding for free apps comes from advertising, but reselling the data that the smartphone sends to the developer is always a possibility.  However, you don’t know who is going to deliver the data.  The intention of the data is for anonymous transmission and untraceable back to the origin, but this isn’t always the case. Scientists have found out that de-anonymization isn’t as complicated as it seems.

Medical records

Today, patient records are very popular.  In 2015, thefts were able to steal about 100 million records.  What seems somewhat surprising at first can be explainable by the fact that in these files - apart from the insurance number - one might find sensitive personal information.  Criminals often use the stolen records for identity theft or extortion.  The "durability" of the data, as the security researchers of IBM's X-Force research team state, is of great interest to criminals.  It is possible to block a credit card account, but not patient records, and its data is normally good for a lifetime.

Discarded devices

Even more caution should be used when privately selling used computers or smartphones. Reformatting a hard drive or resetting a smartphone does not help against professional data collectors. It is always a recommendation to use professional data erasure software before selling the device.

Hackers use these devices for all sorts for criminal behavior - especially if they can reveal where the data came from.  Devices that contain information from a business, for example, are of special interest for thieves.  Highly sensitive or private data such as company secrets, login data, or other sensitive information can mean more money.  Private computers, on the other hand, are an excellent starting point for a career as a blackmailer - or for someone specializing in identity theft.

If you want to make sure that no one can use your data, you should erase the storage media for good.  This can be done using a device called a degausser, which uses a strong magnetic field to erase the data or by shredding or mechanically destroying the media itself.

Protect your data

Data protection is more important than ever before.  Make sure you are taking the necessary steps to protect your personal data and are constantly reviewing areas that criminals could potentially compromise.  Treat your data like it's gold. Don’t make it easy for someone to steal your gold and make money off of it on the black market. In the event of a loss of data by a breach, it is potentially possible to recover the data. To ensure data protection and recovery, take precautionary steps today.