Stolen data of 5m people sold on bot markets: NordVPN
AROUND five million people globally have had their data sold on the bot market to date, said one of the world’s largest virtual private network (VPN) service providers, NordVPN.
About 600,000 of those affected were from India, making it the worst affected country.
Bot markets are used by hackers to sell stolen data from victims’ devices using bot malware.
NordVPN, of Lithuania’s Nord Security, said the stolen data included user logins, cookies, digital fingerprints, screenshots and other information. The average price of a person’s digital identity was pegged at 490 Indian rupees (S$8.07).
The service provider began tracking the data since bot markets were launched in 2018. It looked into three major bot markets: the Genesis market, the Russian market, and 2Easy.
It uncovered stolen logins including those from Google, Microsoft and Facebook accounts; it also found 667 million cookies, 81,000 digital fingerprints, 538,000 autofill forms, numerous device screenshots, and webcam snaps.
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Chief technology officer Marijus Briedis said: “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
India has been dealing with cybersecurity concerns for a while. A senior police official told Reuters that as recently as last month, multiple servers of the All India Institute of Medical Sciences (AIIMS) were infected on Nov 23. AIIMS is a federal government hospital that caters to ministers, politicians and the public.
The Times of India reported that after the ransomware attack, the Indian Council of Medical Research faced around 6,000 hacking attempts on Nov 30.
Indian cybersecurity rules were tightened only earlier this year. The Indian Computer Emergency Response Team required tech companies to report data breaches within six hours of noticing such incidents, and to maintain IT and communications logs for six months. REUTERS
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
International
Sri Lanka’s economy expected to grow 3% in 2024, central bank says
Yellen says US can bring inflation down without hurting jobs
US dollar briefly falls versus yen after GDP data
US weekly jobless claims unexpectedly fall
US economic growth slows more than expected in Q1
Malaysia ex-PM Mahathir facing anti-graft probe in a case involving his sons