

Security Privacy The Almighty Buck

Study Finds Hundreds of Stolen Data Dumps

Steve writes "SecurityFix reports that a group of researchers from Germany published a study in which they analyzed several hundred so-called 'drop zones,' i.e. anonymous collection points of illicitly collected data stolen with the help of keyloggers. 'Their findings, which drew from stolen data harvested from these drop zones between April and October 2008, were staggering: 33 gigabytes worth of purloined data from more than 170,000 victims. Included in those troves were more than 10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials. [...] Using figures from Symantec's 2007 study on the prices that these credentials can fetch at e-crime bazaars, the researchers estimate that a single cyber crook using one of these kits could make a tidy daily income. The full report [PDF] contains some more interesting details.'"


  • by theaveng ( 1243528 ) on Friday December 19, 2008 @08:44AM (#26171485)

    I've often thought that, over the ~15 year span that I've been surfing the web, I opened up way too many accounts. I've forgotten most of them, and yet my name and address still sit there in the databases just waiting to be hacked (or sold).

  • And a.... (Score:2, Funny)

    by Anonymous Coward

    "10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials."

    *sings* And a partridge in a pear tree...

  • Of course anyone might become a victim of these types of things, but the probability of someone becoming a target is greatly influenced by the really basic security things to do.

    In many other types of things it is the stupid (i.e. the one not taking care of their own part) that pays, but unfortunately in most of these types of things it is the bank or other institution that has to bear the costs, leading them to be part of the costs spread out on everyone.

    Thus there really should be some sort of competence required

  • Amazing how criminals are always the first to use any new tech.
  • Many of the victims of these sorts of things are victims of their own stupidity or greed.
    If a normal person gets an email letting them know they have a problem with their bank account, with a bank they don't bank with, in a country they don't live in, where the bank is asking for their card details to make sure they are fine... said person would delete the email and do nothing more about it. People who get scammed will send off their card details thinking "ohh, the Bank of America opened an account for me" or

    • Well, personally I've found out about actual bank accounts I didn't know about. However that's always by mail (snail mail) and they never ask for any details.

      They usually go either like "You haven't touched this account in our bank for years, we'd recommend you going past our local bank office and going through it"

      or "We've closed this empty inactive account, thank you for your time"

  • Make sure the mutants don't get the little dudes.
  • How should I see this? Is it like forgotten IT resources left behind by hackers or the like? Will we find a lot of these 'left behind', forgotten data stashes in dark corners of the Internet in the future? Will there be cyber-spider-webs and cyber-cockroaches crawling around?
  • Don't take one of mine!

  • Assuming that each record is unique, a potential total of 171,094 records, and about 192.876KB per record.

    That's a lot of data for each record... And if these are just credentials, such as account numbers, user IDs, passwords, security questions, this is a passably HUGE amount of data being claimed.

    I suspect there is a lot of duplication out there. We know of 33GB, but how much is the same lame accounts re-listed and re-sold over and over?

    While 171k+ of accounts isn't nothing, I'm disappointed they didn't

  • Sorry to say.. (Score:2, Insightful)

    Is it just me, or does this seem pretty sad, that so many of today's so-called security companies don't bother to contact the victims of this to at least tell them "Hey, you might want to change your password to your online banking, someone stole it, etc..."

    I am disappointed by our leading security community for leaving these "dumps" in the open to review them. Yes, after a few days or weeks of activity, ...ok, but then afterwards, contact the victims and let them know they have been compromised.

    When do

  • job well done. They realized that the crooks stealing information from average computer users - novice, gullible and/or unconcerned - are just as susceptible themselves. Bugs in the exploiting software, misconfigured servers, and unsophisticated application programming logic can be used against them. The drop sites can be identified and apparently often compromised; there is weakness in the system. But not just any system, a systemic international problem of organized crime (at times loosely) that thr
  • How many of us have been at least intrigued by the idea of working on something like this? Granted, yes, it is illegal and immoral, but I'm sure it is a really interesting challenge.

    Spit out keyloggers at a few hundred thousand/million computers (which sounds like a fun task to begin with), then set up a dump where all the logged keys go. Write some Perl to look through the dumps searching for CC#s, SSNs, bank account numbers, passwords, etc. and sort them accordingly. Then dump all of this into a se
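The parsing step this comment sketches is essentially what the researchers in the linked study had to do on the defensive side: scan a drop-zone dump for card numbers and credentials, throw away digit runs that merely look like card numbers, and count unique versus re-listed records (the size and duplication question raised further up the thread). The following is an added example, not code from the thread or from the study; the dump is a constructed sample in an assumed "timestamp [window] keystrokes" logger format, and the `user: ... pass: ...` field layout is likewise an assumption, not a description of any real kit.

```python
"""Triage pass over a keylogger drop-zone dump (added example, not the study's code)."""
import re
from collections import Counter

# Constructed sample dump (not real data). Assumed layout: "<timestamp> [<window>] <keystrokes>".
SAMPLE_DUMP = """\
2008-06-01T10:02:11 [Online Banking] user: alice.kunz@example.org pass: Tr0ub4dor&3
2008-06-01T10:05:40 [Checkout] card 4111111111111111 exp 11/10 cvv 123
2008-06-02T08:13:02 [Online Banking] user: alice.kunz@example.org pass: Tr0ub4dor&3
2008-06-02T09:44:19 [Auction Site] card 4111 1111 1111 1112 exp 01/11
2008-06-03T14:20:55 [Webmail] user: bob@example.net pass: hunter2
2008-06-03T14:21:07 [Forum] ticket number 1234567890123456
"""

# 13-19 digits, optionally separated by spaces or dashes, as a card number is often typed.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Assumed credential field layout for the sample logger format.
CRED_RE = re.compile(r"user: (\S+) pass: (\S+)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs (ticket IDs, typos) that only look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def extract_cards(text: str):
    """Return (accepted, rejected): normalised digit strings that pass / fail the Luhn check."""
    accepted, rejected = [], []
    for m in CARD_RE.finditer(text):
        pan = re.sub(r"[ -]", "", m.group())
        (accepted if luhn_ok(pan) else rejected).append(pan)
    return accepted, rejected


def extract_credentials(text: str):
    """Return every (user, password) pair in the order logged, duplicates included."""
    return CRED_RE.findall(text)


def summarize(text: str) -> dict:
    """Counts a triage report would lead with, including raw bytes per unique record."""
    cards, rejected = extract_cards(text)
    creds = extract_credentials(text)
    unique_cards, unique_creds = set(cards), set(creds)
    unique_records = len(unique_cards) + len(unique_creds)
    raw_bytes = len(text.encode("utf-8"))
    return {
        "raw_bytes": raw_bytes,
        "card_candidates_rejected": len(rejected),
        "cards_unique": len(unique_cards),
        "credential_lines": len(creds),
        "credentials_unique": len(unique_creds),
        "duplicate_credential_lines": len(creds) - len(unique_creds),
        # The thread's "192.876KB per record" figure, computed on deduplicated records.
        "bytes_per_unique_record": raw_bytes / unique_records if unique_records else 0.0,
    }


def mask(pan: str) -> str:
    """Report cards as first-6/last-4 only; a triage report should not re-leak the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
    for pan, n in Counter(extract_cards(SAMPLE_DUMP)[0]).items():
        print(f"card {mask(pan)} seen {n}x")
    for (user, _), n in Counter(extract_credentials(SAMPLE_DUMP)).items():
        print(f"credential for {user} seen {n}x")
```

On the sample, the 16-digit "ticket number" and the mistyped second card both fail Luhn and are dropped, one card and two logins survive deduplication, and the bytes-per-record ratio is taken over those three unique records rather than over every logged line; on a real dump the window titles, timestamps and repeated logins are where most of the bulk goes, which is one plausible answer to the "how is it 33GB" question below.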

  • Guys, can someone tell me how the hell what looks to me like text data of CC numbers and other credentials can be 33GB??? And only for 171,000 people. It's only text!!! Do they have hi-res images of the folks they steal data from as well?? How can this data be so large???
  • If you think about it, the numbers are not that surprising.

    Just think of how many people have had World of Warcraft accounts jacked with keyloggers. This could simply be a repository for jacked WoW passwords for use by some gold resellers, who also managed to capture all the other data. The email captures are of particular interest as this could be used to keep up to date on password changes made by the OWNER of the accounts even if the keylogger is lost.

    When you compare the numbers in TFA to the accountbas
