Cost: $19 million in fraud + information of 24 million U.S. citizens including their names, dates of birth, passwords, and credit card numbers
Date: June 7, 2022
Industry affected: Various
Threat Type: Credential stuffing. With the stolen PII (Personal Identifiable Information), Account Takeovers (ATO) can then be executed.
What is it?
Credential stuffing is a cyberattack used to obtain lists of usernames, email address passwords, and other personal pieces of information, that are usually acquired with data breaches caused by malware.
Long story short, what happened?
The SSNDOB was a digital marketplace that operated for several years using different internet domains selling the PII belonging to millions of people around the world. Revealing the case, the investigation conducted by the IRS and the FBI showed that approximately 24 million U.S. citizens had their PII available online. As mentioned, these PII were obtained in the first place by cyber criminals through attacks like credential stuffing.
The sale of these millions of personal information financially supported criminal schemes around the world, reportedly generating more than $19 million in revenue for criminals.
Why should you care?
The fact that the PII of millions of people were being sold online is already scary enough. Adding to that, the money gained from selling these PII on the web was used to finance other criminal activities.
But the most horrific part of this story is that cybercriminals who purchased the available pieces of information online could use this to create accounts on social media and financial services under pretentious real identities. No wonder why people are losing trust on the internet, not knowing what is real and what is fake. It is important to remember that schemes like this can lead to financial crimes, the drain of loyalty programs, and other several cases in which attackers will impersonate someone else to commit all sorts of fraud.
Wanna know more about how this can impact your Go-To-Market Operation? Click here.