The Market for Stolen Account Credentials

In my security webinars, I spend time upfront emphasizing the vast underlying business behind hacking. The objective in stressing this to users is so they can realize they aren’t dealing with individuals looking out to attack and exploit “them”, but to comprehend that ransomware and other malware attacks are huge businesses built at scale.

It’s basically the difference between defending yourself from a single home break-in, or defending yourself from the entire might of a nation-state military with its thousands of men, planes, tanks, etc, and the full ecosystem (Manufacturing, research, supporting systems) behind their declared war.

I am not exaggerating – much.

This article over at Kreb’s Security quantifies just a small attack that yields a couple of hundred thousand dollars in just a few months, just from selling account credentials.
So far this year, customers of this service have purchased more than 35,000 credentials he’s sold to this service, earning him more than $288,000 in just a few months.
Curious to know more?

The prices for individual credentials are set by value.

For example, credentials for Uber are $30 for each account.

You have a military-only account with NavyFederal.com? Each account there is for sell for $60 each.

But it is not just account credentials. Entire identities can range up to $150 each, depending on the individuals FICO score (let that sink in a moment). Oh, you can also by their credit reports while you’re there.

Read the Full Article here: >Krebs on Security