Theft of personal data is common on the Internet and quite profitable for criminal hackers. There is a good chance that one of your e-mail and password combinations is for sale in a dark corner of the web. Sites with weaker security are usually the ones that leak users' confidential information. That data is then used to try to access other platforms, where hackers can get something of value, such as money, air miles and expensive goods.
This technique is known as credential stuffing. With stolen username and password combinations in hand, criminals use code that carries out mass attacks on the sites of interest. Many people, perhaps most, repeat the same login and/or password on multiple sites, so it is not difficult to succeed with this type of fraud.
Criminal hackers use stolen credentials to attack websites Photo: Carolina Ochsendorf / TechTudo
E-commerce sites suffer the most attacks. According to a report published by the cybersecurity company Shape Security, about 91% of global traffic on these services in 2017 consisted of credential stuffing attacks. Airlines come second, with 61% of traffic consumed by hackers' login attempts, followed by banks and hotels with 58% and 44%, respectively.
It is estimated that the attacks succeed 3% of the time, which is more than enough to cause huge damage to consumers and businesses. The e-commerce sector loses approximately $6 billion a year to these crimes, while banks have an annual loss of $1.7 billion. Hotel and airline companies, where thieves tend to target loyalty points, lose a total of R$ 700 million per year.
From time to time, data leaks at very large and popular services come to light, as has already happened with LinkedIn, Yahoo and Netshoes. But such incidents are frequent. Last year alone, more than 2.3 billion leaked credentials from 51 different organizations were reported. An aggravating factor is that data compromises are often slow to be announced. On average, the 2017 incidents took 15 months to be discovered and disclosed.
Hacked passwords are used in scams Photo: Press handout / Facebook
Online forums are one of hackers' favorite targets. Last year there were 13 thefts of information from these platforms and, in 2016, there were 11. Among them was the breach of Little Monsters, a fan site of the singer Lady Gaga, which affected more than 1 million accounts, including users' birthdays, passwords and e-mails. Online communication and productivity services, social media and games are also recurring victims.
How data turns into money
There are several ways to profit from sites attacked by credential stuffing. One is to take control of bank accounts, which is the preferred method of cybercriminals in the United States. Another is to buy products that can be easily resold, such as gift cards and electronics. A curious example revealed by the report is a scheme involving a cheddar cheese that costs more than $400 per kilo. Hackers break into online markets to buy the cheese and pass it on to restaurants for cash.
Airline miles are also an effective option for the scam. They do not have such sophisticated protection, and customers often take a long time to notice the problem. Using PayPal transactions, the miles are sold to specialist brokers, who buy points from hotel and airline programs and resell them to online travel agencies.
To increase digital security and reduce the impact of hacker fraud, users must do their part. The first step is to avoid using the same password on different sites. Be especially careful with your most important accounts, and use unique credentials at least on those. If remembering so many passwords is a problem, use a password manager.
Have I Been Pwned website shows if your password has already been leaked on the Internet Photo: Reproduction / Have I Been Pwned
Also try to permanently delete your accounts on services that you no longer use, so that less of your vulnerable information sits on the Internet unnecessarily. In addition, check whether your credentials have ever been compromised. There are tools with a database of leaks that can be searched, such as Have I Been Pwned.
Via Shape Security and Quartz