Stolen Twitter passwords are now worth more to cyber criminals than credit card details, as they provide hints on how to hack into other aspects of a victim’s online identity.
According to new research, the law of supply and demand affects the cybercrime industry in the same way it does legitimate business.
Credit card details – once the “currency of the black market” – were worth between $20 and $40 when fresh, quickly dropping to as low as $2 when “stale”. But recent data breaches have caused a glut of data to flood onto the market, slashing the cost of stolen card details, according to security expert Michael Callahan of Juniper Networks.
Access to social media accounts such as Twitter can be worth far more, varying from $16 to more than $325.
Mr Callahan said: “Social media and other credentials include usernames and passwords, which can often be used as an entry point to launch attacks on that person’s accounts on a number of other sites.
“Given the number of people that tend to use the same username and passwords, hacking one account can often yield other valuable information such as online banking or e-commerce accounts. By stealing Joe Smith’s account information on one site, the criminal might gain access to his information on ten sites.
“An individual’s stolen account information can be used to spear-phish the accounts of friends, family and co-workers for additional financial gain.”
A new report from the company warns that in the coming years we will see more activity in darknets, malware and the ability of criminals to stage cyber attacks increasing faster than the capability of law enforcement agencies to stop them.
Callahan said it was vital for people to use different passwords for each site, so that if one account is compromised it will not allow the hackers access to their whole digital lives, and to be wary of clicking unusual links in emails from strangers.