Categories: News

Cybercriminals began to sell subscriptions to collections of leaked user credentials on the darknet

For many years ready-made credentials have been sold on the “dark side” of the Internet for criminals to use in future for large-scale attacks to seize accounts on various sites and services.

Such credential collections are the result of data leaks, hacks, fishing, and so on. Since the problem of reusing the same passwords is still very relevant, such attacks demonstrate considerable effectiveness.

Specialists at Digital Shadows have noticed that a new type of business is gaining popularity in the black market. Now credential collections are not sold one-time, as regular ready-made collections, but according to the combolists-as-a-service (CaaS) model, that is, services have appeared that provide access to constantly updated sets of credentials, and you can connect to them by subscription. In fact, such services do not allow you to purchase separate lists, but automate this process.

Read also: Hacking financial holding Capital One led to a leak of 106 million people’s data

So, the researchers found that the CrackedTO underground forum is actively promoting the DataSense service, which is positioned as a cloud provider of databases and credential sets. Allegedly, the bases of this service were compiled and constantly updated by experienced crackers.

Subscribing to DataSense will cost criminals $ 50 per month, and you can pay for it using PayPal, Bitcoin and other cryptocurrencies.

“It’s not exactly confirmed which lists are available through the advertised service, since you first need to pay for the subscription and register through the datasense [.] Pw site. But messages from [service providers] imply that he offers credentials from Amazon, Electronic Arts Origin, Ubisoft uPlay, Netflixand Steam”, – the researchers wrote.

Of course, DataSense is not the only CaaS service on the market. For example, another “provider”, DatabaseHUB, provides daily updated lists of credentials, which can be accessed after purchasing a token through Shoppy’s e-commerce platform. The token gives the right to create up to five lists per day (approximately 100,000-300,000 credentials per collection) for 30 days.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

18 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

18 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

18 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

18 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

22 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

22 hours ago