Stolen data of 5m people sold on bot markets: NordVPN
AROUND five million people globally have had their data sold on the bot market to date, said one of the world’s largest virtual private network (VPN) service providers, NordVPN.
About 600,000 of those affected were from India, making it the worst affected country.
Bot markets are used by hackers to sell stolen data from victims’ devices using bot malware.
NordVPN, of Lithuania’s Nord Security, said the stolen data included user logins, cookies, digital fingerprints, screenshots and other information. The average price of a person’s digital identity was pegged at 490 Indian rupees (S$8.07).
The service provider began tracking the data since bot markets were launched in 2018. It looked into three major bot markets: the Genesis market, the Russian market, and 2Easy.
It uncovered stolen logins including those from Google, Microsoft and Facebook accounts; it also found 667 million cookies, 81,000 digital fingerprints, 538,000 autofill forms, numerous device screenshots, and webcam snaps.
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Chief technology officer Marijus Briedis said: “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
India has been dealing with cybersecurity concerns for a while. A senior police official told Reuters that as recently as last month, multiple servers of the All India Institute of Medical Sciences (AIIMS) were infected on Nov 23. AIIMS is a federal government hospital that caters to ministers, politicians and the public.
The Times of India reported that after the ransomware attack, the Indian Council of Medical Research faced around 6,000 hacking attempts on Nov 30.
Indian cybersecurity rules were tightened only earlier this year. The Indian Computer Emergency Response Team required tech companies to report data breaches within six hours of noticing such incidents, and to maintain IT and communications logs for six months. REUTERS
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
International
China’s April industrial output rises 6.7%, beats expectations
Crypto boom, erratic rain spark outages in Laos, Asia’s clean power export hub
China’s first special bond sale likely to see solid demand
IMF knocks Biden’s China tariffs as risk to US, world growth
US SEC updates customer data hacking rules for Wall Street
Hong Kong’s shaky crypto ETF debuts dent global hub aspirations