Stolen Uber accounts worth more than stolen credit cards

Uber, PayPal and even Netflix accounts have become much more valuable to criminals, as evidenced by the price these stolen identifiers now fetch on the so-called „deep Web,” according to security company Trend Micro.

Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average, oddly down from $4 per record in 2014, according to data compiled by Trend Micro for CNBC last week. (PII includes any information that can be used to commit identity fraud, like Social Security numbers or date of birth and varies in price depending on the specific information for sale.)

So how could a criminal use a stolen Uber account? Those credentials can either be used to build a fuller picture of a victim for identity theft, or they can be used to charge phantom rides, experts said. A phantom ride is when a criminal sets up a fake driver account, and charges nonexistent rides to stolen accounts.

They also found the following accounts for sale at these average prices per account; PayPal — with a guaranteed $500 balance — ($6.43), Facebook ($3.02), Google Voice (97 cents) and Netflix (76 cents). By contrast, U.S. issued credit card credentials, sold in bundles, were listed for no more than 22 cents each.

„It’s an incredible underground ecosystem. There is a high level of competition for these criminal buyers and there are a lot of different types of forums. It’s incredibly diverse, but incredibly mature,” said Ed Cabrera, the company’s vice president of cybersecurity strategy.

„The reason why credit cards are worth less to crooks at this point is because banks and credit card issuers have developed more sophisticated fraud detection systems, rending stolen cards worthless very quickly”, said Forrester research analyst Andras Cser.

The fact that people often use the same password across multiple accounts makes security particularly challenging. Experts say companies should employ to new technology to offer users better protection from hackers.
„The time has come to move away from passwords. They should be looking at behavioral biometrics solutions to authenticate users — how the user actually behaves, how they hold a phone, how big their fingers are and how hard they press the touch screen,” said Cser.

Source: cnbc.com