50c buys you someone else's password for Netflix, Spotify or ...
Carders selling hacked accounts for a pittance. And yes. Even for smut sites
Criminals are selling 'lifetime' Netflix, HBO, and cable sports streaming accounts for less than US$10 on sites hidden within Tor.
Premium sports accounts sell for about $10 while streaming TV can be bought for as low as 50 cents, far less than the $10 monthly subscription.
Comic fans can buy a stolen Marvel Unlimited lifetime account - meaning the victim is unlikely to shutter it - for 50 cents compared to the $10 monthly fee.
El Reg found the stolen accounts on the AlphaBay Marketplace accessible via the Tor network, on the back of the Intel report The Hidden Data Econonomy [pdf] which listed a few similar but more pricey offerings on another unnamed site.
Sellers are also flogging Premium Spotify, ComCast Xfinity, Uber, Apple, and Lynda training video accounts.
Some are offering Christmas specials including 'buy one get one free' stolen credit card deals.
Prolific vendor SkypeMan has sold more than 5300 Spotify accounts since September for less than $2 each, and 517 Xfinity accounts for $4 over the same time.
The seller has flogged more than 24,000 accounts since March.
Plenty of paid pornography accounts are also on sale in the very grey markets.
Buyers are advised to not change passwords on stolen accounts as this will alert and lock out the legitimate owner.
Drugs, weapons, malware, and credit card are also available. Australian credit cards replete with personal information including security question data, home addresses and complete card data, dubbed "fullz" in fraud circles, are being sold for $15.
Those cards appear to be stolen from compromised computers as IP address and browser information is also included.
Other odds and ends include an email bomb service that promises to "f**k any email account instantly" by signing up the victim to more than 1500 newsletters, and counterfeit cash, passport, and driver's licences. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust