Reports say Netflix and Uber credentials are now the sought-after personally identifiable information (PII) in the Deep Web and underground markets, perhaps even more than stolen credit card details. It’s not difficult to see why: For US$1, anyone interested can get hold of the details tied to a stolen personal credit card. As two of the latest entrants to the black market, meanwhile, a stolen Netflix account costs US$5 while a hacked Uber account sells for US$4.
That Netflix and Uber accounts are becoming more popular and possibly even more profitable than credit card information may be a case of the law of supply and demand. On the one hand, we have an overabundance of stolen credit card details, the demand for which may have gone down given the security measures banks and financial institutions put in place to prevent credit card fraud. On the other, services like Netflix and Uber are growing their user bases—Netflix boasts 75 million members while Uber has around 70,000 active users in San Francisco alone as of December 2014 with relatively fewer players in the Deep Web and various underground markets exploiting them. Increased demand for these is thus pushing their prices up.
Cybercrime is indeed a business. Much like any company, cybercriminal operations trail their sights on what is currently in demand. Unlike their legitimate counterparts though, they don’t exert effort to think of their own unique offerings. Instead, they profit on what should rightfully be a product/service’s creators by offering more affordable (hacked) offerings.
In 2015, we learned that each underground market has its own set of unique offerings (see our Global Cybercrime Map). We summed up our cybercriminal market findings as well in “Cybercrime and the Deep Web.” If you’re attending RSA US 2016, visit the Trend Micro booth and hear more on this from our security evangelist. For more of the latest in cybercrime news so you can stay protected against the bad guys; visit our Deep Web Hub.