Hacker Dishes the Dirt on Selling Your Passwords
Ashley Allen / 3 years ago
For the last few months, the internet has been abuzz with news of mass hacks, with notable sites such as MySpace, Tumblr, Twitter, and LinkedIn falling victim to account security breaches – resulting in millions of e-mail and password combinations being sold on the dark web – with the latter triggering Facebook CEO Mark Zuckerberg having his social media accounts compromised due to reusing his (terrible) password on multiple platforms.
Now, one anonymous Russian hacker, who goes by the pseudonym “Peace_of_mind”, has come clean to Wired about the business of farming and selling account logins. Peace sells stolen user data from dark web black market site TheRealDeal, which has a 100% satisfaction rating and “A+++” feedback.
Examples of user data sold by Peace includes, according to Wired, “167 million user accounts from LinkedIn, 360 million from MySpace, 68 million from Tumblr, 100 million from the Russian social media site VK.com, and most recently another 71 million from Twitter, adding up to more than 800 million accounts and growing.”
Peace’s initial sales user data were quite exclusive, admitting, “The people who we sold to [were] selective, not random or in public forums and such, but people who would use [the data] for their own purposes and not resell or trade. Although [after] long enough, certain individuals obtained the data and started to sell [it] in bulk ($100/100k accounts, etc.) in the public. After noticing this, I decided for myself to start making a little extra cash to start selling publicly, as well.”
Working together with an unnamed team, Peace uses undisclosed methods to acquire the bulk login details – “all these have been hacked through [a] ‘team,’ if you want to call it that, of Russians. Some have been my work, others by another person” – and revealed that buyers prefer to use the information for the purposes of spamming.
It seems that selling confidential user data is a tidy way to make a living, with Peace confessing that he/she made $15K for the hacked LinkedIn data, $20K for both MySpace and Tumblr combined, and up to $100K for bulk sales of combined Netflix, PayPal, and Amazon data lists.
Following the Wired interview, Peace put millions of Twitter logins up for sale.
Image courtesy of Prophet Hacker.