Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Stolen UK consumer data up for sale on sale online

Image Description

Cybercriminals are selling stolen data pertaining to UK consumers on the dark web, according to new research by Which?

An investigation by the consumer choice brand has found that account details acquired from data breaches are being offered cheaply online.

Among the personal data up for sale on the dark web are thousands of stolen Tesco Clubcard accounts, as well as details connected with fast-food chains and high-end hotels. In the case of the Tesco data, Which? found that individual accounts, which contain usernames, passwords and loyalty card balances, were sometimes available for just 42p each when purchased in bulk.

“Our research has found a treasure trove of stolen data being traded by criminals on the dark web, highlighting the danger of companies acting carelessly with their customers’ sensitive personal information,” Kate Bevan, Which? Computing editor, commented. 

“The [UK’s Information Commissioner's Office] must be prepared to issue heavy fines against companies that leave customers’ personal data exposed to cybercriminals and breach data protection law, so that they are incentivised to prevent breaches.”

Data for sale

Which? was unable to ascertain how the stolen Tesco data was acquired – or even if it was legitimate – but the supermarket chain did confirm in March last year that a database of usernames and passwords stolen from other websites had been used in an attempt to access Clubcard accounts. At the time, it claimed that its own systems had not been hacked and that affected accounts had been notified and blocked.

In addition to the Tesco data, Which? researchers also found account details connected to Deliveroo, McDonald’s and the MGM Resorts hotel chain available to purchase. Prices varied depending on the information being offered but, regardless of the efficacy of the stolen data, the details could be used by cyberattackers to engage in follow-up attacks, including spear-phishing campaigns.

In addition to tougher action by the Information Commissioner’s Office, Which? also called for consumers to be granted an easier route to financial compensation when they are affected by a data breach.

Date

29 Jan 2021

Sources


Share


Other Blog

  • IBM snaps up cloud app firm Turbonomic

    IBM continues to build up its arsenal of AIOps offerings.

    Read More
  • Facebook is making it easier to run a business online

    Manage Facebook, Messenger and Instagram pages on one platform.

    Read More
  • What ban? TikTok is world's most downloaded non-gaming app in Aug

    Despite being under intense scrutiny in the US, and a ban in India, which was one of its biggest markets, TikTok was the most downloaded non-gaming app worldwide for August.

    Read More
  • AOC’s new curved gaming monitors give you smooth gameplay on a budget

    There are 24-inch and 27-inch models, but all have the same core specs, including a 165Hz refresh rate and FreeSync.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us