Stolen data of around 5 million people sold on bot markets. Here’s how to check if your data was sold
Daniel Levi
Posted On December 9, 2022
Every year, hackers stole the data of billions of people around the world. In September, Australia’s second-largest telco Optus suffered a major data breach causing hackers to steal the personal data of 10 million customers. But have you ever wondered what hackers do with stolen users’ data?
According to the latest study conducted by one of the world’s largest VPN service providers NordVPN, hackers have stolen the personal data of around five million people globally. The data was later sold on the bot market. The most affected countries by the bot market are India, Brazil, and the US. Of the 5 million victims, 600,000 are from India, making it the worst affected country.
Bots are everywhere. They’re used in customer service, search engine optimization, and entertainment. But while bots are increasing in popularity, not all bots serve good intentions – many of them can be malicious, and these are the types of bots hackers used to plant malware on users’ devices.
Here is how it works. After stealing data from victims’ devices using bot malware, hackers then turn to the bot markets to sell the stolen data to the highest bidder. NordVPN said the stolen data included user logins, cookies, digital fingerprints, screenshots, and other information, with the average price for the digital identity of a person pegged at 490 Indian rupees($5.95), Reuters reported.
NordVPN has been tracking the stolen data since the bot markets first launched in 2018. The company said it compiled the data about bot markets in partnership with independent third-party researchers specializing in cybersecurity incident research.
“No information that relates to an identified or identifiable individual was collected, reviewed, or otherwise involved when performing the research and preparing the study. Moreover, the researchers did not access the dark web. Data was received on September 29, 2022.”
As part of the study, NordVPN said it looked into three major bot markets including the Genesis market, the Russian Market, and 2Easy. The company said it found stolen logins including those from Google, Microsoft, and Facebook accounts.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place,” said Marijus Briedis, chief technology officer at NordVPN.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
In the course of the study, NordVPN researchers also found 667 million cookies, 81,000 digital fingerprints, 538,000 auto-fill forms, numerous device screenshots, and webcam snaps.
