Hackers peddling stolen data on the dark web may not be something new. But a report suggests that one forum in the dark web that is known for its cybercrime operations, is offering a whole bundle of stolen personal data from 200 million users in Japan.
The hacker appears to be operating out of China. Though there are doubts on how this figure of 200 million can be relied upon when the very population of Japan is not more than around 127 million, some explain that there could be either duplication or people from other countries could be included in that bundle as well.
Genuine Data Involved
Since some doubts persisted on the authenticity of the data, tests were run on emails found in the bundle and were determined to be genuine.
These hackers do engage in malicious practices, and experts found at least one site where there are indications that they collected the money and did not share the ordered data. Who would expect scruples from such criminals anyway?
It has also been determined that the data was not stolen from one single site or in one stroke.
The hacker could have collected them by breaking into over smaller 50 sites and then putting all the data in one place.
And another factor to emerge is that part of the information might have been culled out as early as 2013 and the remaining in 2016.
And it won’t cost a bomb to acquire these names and addresses, phone numbers and emails of 200 million people; the seller is demanding just $150 for it.
Data Derived from Diverse Sources
As indicated, the hacker has used many sites of Japanese origin to steal the data. According to the researcher who has done in-depth study of the data has said even the verticals these 50-odd sites the data have come from are quite diverse.
These include food, transportation, retail, and even entertainment and finance. There are phone numbers of individuals included in the data as well.
After paying $150, the buyers of the data can use it or misuse it for many purposes. If they find the target that could be held for ransom money, they will attempt it through the usual methods.
Phishing emails is another weapon often used by cybercriminals to take advantage of vulnerable systems.
It has been observed by the experts that it is not just the Japanese public’s personal data being put on sale; countries like Australia, Hong Kong, some European countries, the U.S., Canada and even China figure in there.
Japanese Public May Have to Be Warned
It is now essential that cybersecurity firms in Japan take the lead and create awareness among the public at large about data security and how they can safeguard their personal information.
More than that, the websites which collect and store such data have to take serious steps to improve their site’s security.