Your twitter account password can become “a tasty morsel” for cyber thieves. Hackers can make more money out of stolen twitter credentials than from stolen credit card info on the black market, a new report says.
The report called “Markets for Cybercrime Tools and Stolen Data”, released by RAND (Research And Development) Corporation and sponsored by Juniper Networks, says that one’s twitter account credentials can actually become a gold mine – especially if a person is too lazy to invent new passwords for all their accounts in different networks.
“Social media and other credentials include usernames and passwords, which can often be used as an entry point to launch attacks on that person’s accounts on a number of other sites,” Juniper Networks employee Michael Callahan explained in his blog.
He pointed out that the value of stolen social media info is rising, while the value of credit card credentials has recently seen its decline after several high-profile breaches.
The report says that immediately after a large breach, freshly acquired credit cards command a higher price as there is greater possibility for the credit cards to still be active. But after time, prices fall because the market becomes flooded.
According to Michael Callahan, during a big data breach the price of credit card details drop from $15 or $20 per record down to 75 cents over a short period of time.
However, social media accounts are gaining more and more popularity among the cyber thieves. RAND report found out that hacking into accounts can be worth anywhere from $16 to $325+ depending on the account type.
“By stealing Joe Smith’s account information on one site, the criminal might gain access to his information on 10 sites,” says Callahan, “An individual’s stolen account information can be used to spear-phish the accounts of friends, family and co-workers for additional financial gain.”
The report points out that the hacker market — once a varied landscape of discrete, ad hoc networks of individuals initially motivated by little more than ego and notoriety — has emerged as a playground of financially driven, highly organized, and sophisticated groups.
RAND report says the overall change in social media account value is part of a larger trend in the evolution of the black market for hacks, cracks and data.
“In the early to mid-2000s, they focused on goods and services surrounding credit card data. Then, they expanded to broker credentials for eCommerce accounts, social media, and beyond. These days, some are still dedicated to one product or a specialized service, while others offer a range of goods and services for a full lifecycle of an attack,” says the report.
The report warns that we will see even more activity in darknets, more use of cryptocurrencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions.
The paradox is that the more encryption methods are invented, the more effort to hack those methods.
In December, Internet security firm Trustwave said that over 2 million passwords for popular social networking sites such as Facebook and Twitter, as well as Google and Yahoo accounts have been stolen and posted online.