Cybersecurity firm outlines widespread availability of compromised usernames and passwords
Stolen account details for online entertainment services, such as Netflix and Spotify, are being sold on the black market for less than US$5 an account, according to an investigation by cybersecurity company Kaspersky Lab. In blog post, David Jacoby, a senior security researcher at Kaspersky, outlines how the widespread availability of stolen account details is driving down prices and even prompting some vendors to offer “lifetime warranties” so if one stolen account stops working, the buyer is given another for free.
The blog post explains that the most common way to steal account details is via phishing campaigns or by exploiting a web-related vulnerability, such as a SQL injection vulnerability. “The password dumps contain an email and password combination for the hacked services, but as we know most people reuse their passwords,” Jacoby writes. “So, even if a simple website has been hacked, the attackers might get access to accounts on other platforms by using the same email and password combination.”
He estimates that an individual’s “complete digital life” can be bought for less than US$50, adding: “We’re not talking about getting access to bank accounts, but you do get access to services where a credit card might be included such as Spotify, Netflix, Facebook and others.”
For more details, see the blog post on the Kapersky Lab web site