Cybercriminals began to sell subscriptions to collections of leaked user credentials on the darknet
For many years ready-made credentials have been sold on the “dark side” of the Internet for criminals to use in future for large-scale attacks to seize accounts on various sites and services.
Such credential collections are the result of data leaks, hacks, fishing, and so on. Since the problem of reusing the same passwords is still very relevant, such attacks demonstrate considerable effectiveness.Specialists at Digital Shadows have noticed that a new type of business is gaining popularity in the black market. Now credential collections are not sold one-time, as regular ready-made collections, but according to the combolists-as-a-service (CaaS) model, that is, services have appeared that provide access to constantly updated sets of credentials, and you can connect to them by subscription. In fact, such services do not allow you to purchase separate lists, but automate this process.
Read also: Hacking financial holding Capital One led to a leak of 106 million people’s data
So, the researchers found that the CrackedTO underground forum is actively promoting the DataSense service, which is positioned as a cloud provider of databases and credential sets. Allegedly, the bases of this service were compiled and constantly updated by experienced crackers.
Subscribing to DataSense will cost criminals $ 50 per month, and you can pay for it using PayPal, Bitcoin and other cryptocurrencies.
“It’s not exactly confirmed which lists are available through the advertised service, since you first need to pay for the subscription and register through the datasense [.] Pw site. But messages from [service providers] imply that he offers credentials from Amazon, Electronic Arts Origin, Ubisoft uPlay, Netflixand Steam”, – the researchers wrote.
User Review
( votes)
