Data Brokers: Who’s Tracking You?
Hackers Know All About You
You already know how data breaches occur. Maybe you're fluent in the ways exposed information travels across the internet. Perhaps you even know all about the Dark Web, that uncharted segment of the internet where illegal transactions occur. But you may not realize how scammers rake up all your private bits of leaked information to create a complete or near-complete profile of your digital identity. For hackers, the potential for all that personal data can generate significant profits.
Hundreds of legitimate businesses collect, categorize and sell your information. The list starts with the Big Three credit bureaus—Experian, Equifax and Transunion. Yet, hackers have compromised each of these firms in recent years, sometimes stealing complete credit histories or highly sensitive personally identifiable information (PII). These firms possess massive files that include your Social Security Numbers (SSN), employer details, bill payment history, financial institution records and medical insurance numbers.
Smaller data brokers focus on targeted areas like rental information, which tracks tenant payment habits and property damages. Others follow your employment history and past salaries. So-called "people locators" collect data on you, your relatives and your current and past addresses that others purchase.
All this collection occurs without your consent or knowledge. Hackers get the data, then use it to commit numerous crimes. Even a single data point--a name, a password or email address—can cause significant damage.
Recently a U.S. security research company discovered a record-breaking 8.4 billion password collection for sale online, dubbed RockYou2021. In 2019, intruders breached an email verification firm, exposing over 750 million email addresses. These massive leaks keep feeding scammers' hunger to cash in on your stolen information.
What's a Fullz?
Once files contain numerous data points, they're called a fullz. That's hacker slang for a full data profile on one single individual. Not just your Social Security Number (SSN), date of birth and home address live inside that fullz. There's much more.
To earn that fullz label, the digital file should include credit card data paired with expiration date and CVV code, driver's license number, and various other details that could even contain health insurance data.
A fullz sells for far more on the Dark Web than a simple credit card number because a thief can do much more with it. Opening new accounts, forging a new driver's license or taking out a mortgage are examples. The data can land in password dictionaries hackers use or employed in a variety of password attacks.
The creation of more full files could explain the recent three-fold jump in credential stuffing attacks. This heavily automated tactic tries username and password combinations stolen from one website to open other accounts and make purchases. Stuffing works well wherever consumers reuse their passwords.
Hackers Pay Peanuts
These files are the Holy Grail of hackers who both seek and exploit data routinely. Some buy files on the Dark Web while others adopt a build-your-own approach collecting bits from past data breaches and other leaks. If your information's in their digital file, it may be problematic.
Regular folks are shocked to learn the prices for stolen data on the Dark Web. In 2021, a fullz sells for around $10, give or take; prices are higher in other nations and in Europe, but $25 will cover the cost anywhere on Earth. Credit card number sales glean only $1 on average in the U.S. Even PayPal credentials cost more than that! All these stolen records sell in large 100 or 1000 lots, and buyers pay with cryptocurrencies.
If you haven't kept up on America's data breach trends, here's a reminder that data breaches have exploded in recent years. Check the realities at Informationisbeautiful.net. Be sure to scroll to the bottom of the page, which covers 2004 when data breaches were rare. It's a visual reminder that breaches have mushroomed, and all these leaks are fodder for thieves.
Be skeptical if anyone on the planet tells you they've never had their PII stolen. Estimates vary, but thieves have compromised between 11 and 13 billion documented records. That's more than one for each human on Earth. The total figure is unknown, but it's only a matter of time until your details pop up on the web.
Practice these habits to protect your PII.
- Shred documents received by mail that are chock full of PII if you no longer need them.
- Switch sensitive files to electronic delivery if the senders employ strong security.
- Evaluate trash before you toss it out. It's common to see individuals searching trash cans for data. Even an empty pill bottle could be monetized.
- Never stop monitoring your credit and other private data.
- Perhaps the most potent step you can take is to activate 2-factor authorization or 2FA for all your sensitive accounts.
Some individuals enjoy tracking their private data weekly, but others dread such a time-consuming task. IDShield is in business to do the work for you; we track all your major data points 24/7. We also track files most individuals find challenging to access. That list includes payday loans and the U.S. Postal Service address change repository that detects a hacker trying to redirect your mail and steal your identity.
IDS also offers tools to get your personal information deleted by "people locater" firms like Spokeo and the Whitepages. It is possible to claw back some of your privacy and security, but it's far better never to share it in the first place.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.