Data leaks on the darknet: types and trends

[Carding 4 Carders]

Agree, data leaks are so common today that we are no longer surprised. Every day we see notifications that someone's data has been successfully compromised, stored on an open server, etc.
The dark web today is a repository of all data that has ever been stolen, because it is inside the dark web that buyers for this product are located. Not so long ago, there was a study of one company that specializes in the field of cybersecurity. The firm is called Terbium Labs, and the study itself can be found here. Their work provides a pretty good analysis of the causes and consequences of personal data entering the darknet.
So what about leaks and data? Let's figure it out.

1. Database dumps​

Who hasn't been hacked at least once? There are many stolen accounts available in database dumps from all over the internet, from healthcare organizations and financial institutions to dating sites and internet forums. (Note: Pavlu: remember the massive hacking of Mail.ru mailboxes?)
There are plenty of such dumps on the darknet. Have you checked if you were hacked?

2. Doxing​

Doxing is a way to search for all kinds of information about a person in the public domain: all social networks, dating sites, and various popular services are analyzed. As a rule, the purpose of this event is to search for compromising evidence on the victim.
Doxing can also be ordered on the darknet.
Note: Pavluu: There is a more interesting thing in the Russian darknet and telegram, it is called "breaking through". Some closed databases are already connected here, which are not used in normal doxing, which makes the method more efficient.

3. Stores selling fake and real documents​

Forgeries, fakes, fakes. Anything: passport, driver's license, social security, ID cards ... All of this can be bought from the notorious sites on the dark web.
It is important to note that not only fakes are purchased on shady sites: for example, passport scans are quite real and are sold in BULKS.
Where do the real documents come from? Example: an employee of a municipal authority has access to all passport scans of the population. Why not sell them? For example, in the United States, the authorities of the state of Texas calmly trade in the data of residents.

4. Stores selling data of bank card users​

Of course, the development of such areas of earnings as skimming and carding has generated a demand for data from users of credit cards and debit cards. Carding forums are like mushrooms now. Think why?
Note Pavlu: By the way, about 140 attacks were recently launched against a member of our team. As a result, 50 EUR was withdrawn from the card. As it turned out, he had been entering card details on a very high-quality phishing site for a long time.

5. Fake tax returns​

This is of course lol. But still .. Such a market is also developed in the foreign darknet. Are you hiding your income? You will definitely be helped! However, there is a chance that this is still a scam, we do not recommend trying.

6. Instructions for opening accounts using someone else's data​

Well, this is already as old as the world. But nevertheless, for example, having bought a couple of scans of a passport, you can safely make a QIWI or YAD wallet.
Similar instructions for creating identified wallets are scattered across all onion forums, so passport data is really in trend.

7. Scam and fakes​

Various fake sites. For example, a fake of the same Hydra, through which you can steal wallet data and funds on it.
Another example is fake exchanges, through which payment data and money are also stolen. And sometimes passport data, but only the weak-minded are carried out for this.

8. Fails of large companies​

For example, the recent Facebook file and the Cambridge Analytica scandal, which was reported in all the media.
Another example is Vkontakte fail, when it was possible to access the phone number linked to any page.
Another unpleasant example is the recent file of the MEGA cloud storage.

9. Source code dumps​

Another favorite pastime of disgruntled ex-programmers or successful hackers who want to make good money or prove their point is dumping the source code of a project into the dark web. This kind of information can be worth millions of dollars.

In general, as you may have noticed, there are a lot of ways to get data into the darknet and no one is immune from this. All that remains for us is to periodically check the presence of our data in dumps and on various shadow forums. And, of course, you should be careful: about 70% of data is stolen using phishing.