Experts take a look at the prices of stolen credentials

Jul 19, 2012 15:10 GMT

Have you ever wondered how much your email or social media account is worth? If you ask cybercriminals, they would say that it’s not much, not much at all.

Dancho Danchev (writing for the Webroot blog) has stumbled upon a new Russian website where the access credentials to compromised accounts are sold. The usernames and passwords offered by the site’s owners can be used to gain entry to Vkontakte, Twitter, Facebook, LiveJournal and email accounts.

So how much are they worth?

For instance, a batch of 50 accounts for Russia’s most popular social media site, Vkontakte, costs around 90 rubles ($2.7 or 2 EUR). 1,000 accounts cost 1,800 rubles ($60 or 50 EUR).

Facebook accounts are somewhat more expensive. For 500 of them, the customer has to pay $6 (5 EUR), while 1,000 accounts cost $11 (9 EUR).

It appears that Twitter passwords are even more valuable, since the price for a lot of 500 is $7.7 (6.2 EUR). However, the deals are sweeter as far as hijacked Twitter accounts are concerned. Clients who purchase 5,000 of them only have to pay around $46 (37 EUR).

Email accounts, on the other hand, are the cheapest. For 10,000 Mail.ru email accounts, the cost is equivalent to that of just 500 Twitter accounts.

While these particular sites may be mainly designed for Russian users, we’ve seen on numerous occasions in the past that such “services” exist worldwide and the prices the fraudsters ask for the credential sets are just as low.

This goes to show how easy it is for a cyber con artist to dupe hundreds of thousands of Internauts, if not millions, into handing over their usernames and passwords without giving it much thought.

The accounts of those who can’t be tricked are stolen with brute-force attacks launched against the passwords.

A saying from Joseph Stalin comes to mind: The death of one man is a tragedy; the death of millions is a statistic.

In this case: the loss of one man’s account is a tragedy, the loss of a million accounts is a statistic (see LinkedIn breach).