Horror Stories: Marketplace sold 24M US citizens information

--------------------------------

Horror Stories: Marketplace sold 24M US citizens information

CHEQ

  | 

Cyber Risks & Threats | June 16, 2022

Let’s unveil it:

Cost: $19 million in fraud + information of 24 million U.S. citizens including their names, dates of birth, passwords, and credit card numbers

Date: June 7, 2022

Industry affected: Various

Threat Type: Credential stuffing. With the stolen PII (Personal Identifiable Information), Account Takeovers (ATO) can then be executed.

What is it?

Credential stuffing is a cyberattack used to obtain lists of usernames, email address passwords, and other personal pieces of information, that are usually acquired with data breaches caused by malware.

Long story short, what happened?

The SSNDOB was a digital marketplace that operated for several years using different internet domains selling the PII belonging to millions of people around the world. Revealing the case, the investigation conducted by the IRS and the FBI showed that approximately 24 million U.S. citizens had their PII available online. As mentioned, these PII were obtained in the first place by cyber criminals through attacks like credential stuffing.

The sale of these millions of personal information financially supported criminal schemes around the world, reportedly generating more than $19 million in revenue for criminals.

Why should you care?

The fact that the PII of millions of people were being sold online is already scary enough. Adding to that, the money gained from selling these PII on the web was used to finance other criminal activities.

But the most horrific part of this story is that cybercriminals who purchased the available pieces of information online could use this to create accounts on social media and financial services under pretentious real identities. No wonder why people are losing trust on the internet, not knowing what is real and what is fake. It is important to remember that schemes like this can lead to financial crimes, the drain of loyalty programs, and other several cases in which attackers will impersonate someone else to commit all sorts of fraud.

Wanna know more about how this can impact your Go-To-Market Operation? Click here.

Author

CHEQ

Request a Demo

Latest Posts

View All
In Announcements

Unveiling the State of Fake Traffic 2024: Insights, Trends, and Solutions

Kerry Coppinger | March 18, 2024 | 3 min read
In Cyber Risks & Threats

The Bad Actors Awards: Celebrating the Most Disruptive Bots

Kerry Coppinger | March 11, 2024 | 3 min read
In Cyber Risks & Threats

How Retailers Can Use Holiday Shopping Findings to Fuel Growth in 2024

Kerry Coppinger | February 05, 2024 | 2 min read
In Cyber Risks & Threats

What is Click Fraud? How it Works, Examples, and Red Flags

Sanja Trajcheva | January 29, 2024 | 20 min read
In Cyber Risks & Threats

Price Scraping Exposed: Who is at Risk and How to Prevent it?

Sanja Trajcheva | January 17, 2024 | 9 min read
In Cyber Risks & Threats

Top 7 Ways to Detect Account Takeover Fraud

Sanja Trajcheva | January 09, 2024 | 12 min read
In Cyber Risks & Threats

OTP Bots: The Achilles’ Heel of Your Digital Defense

Sanja Trajcheva | December 18, 2023 | 8 min read
In Marketing

How to target bottom of funnel customers with PPC content

Matthew Iyiola | December 12, 2023 | 12 min read
In Announcements

Webinar Recap: How Junk Leads Impact Revenue Teams

Kerry Coppinger | December 04, 2023 | 3 min read
In Cyber Risks & Threats

How Bots and Bad Actors Bypass Web Application Firewalls (WAFs)

Jeffrey Edwards  | November 22, 2023 | 7 min read
In Website Ops & Security

Don’t Fall Victim: How to Detect Bot Attack on Your Website

Sanja Trajcheva | November 06, 2023 | 12 min read
In Cyber Risks & Threats

Comparing reCAPTCHA and hCAPTCHA: Are CAPTCHA still worth it?

Jeffrey Edwards  | November 02, 2023 | 8 min read

Ready to secure your
Go-to-Market efforts?

GET started