Data Dump with Selfies Found in Russian Dark Web Forum

A post in a predominantly Russian-language dark web forum was reportedly selling a data dump with records that had an unusual "extra" bit of data: each record included a selfie of the user. A research firm stumbled upon it through an advertisement that claimed to sell 100,000 documents for US$50,000. The data dump primarily contains documents that include an ID or passport, proof of address, and a selfie.

While it’s not uncommon for data dumps to contain different forms of information, the discovery of selfies among the records raises a more serious concern that does not typically apply to other forms of personal information. When a selfie of a user is combined with other personally identifiable information (PII), cybercriminals can open bank accounts and access credit under the victim’s name. Some banks allow customers to open accounts using uploaded ID scans, such as a selfie, to complete an identity verification process. The practice has become more common as banks look to replace traditional branch services with online alternatives.

The research firm wasn’t able to identify the source of the dump, but listed possible origins:

  • Malware-infected phones where a selfie is stored
  • Websites that keep private information
  • Improperly secured cloud storage platforms like Amazon S3

Besides the $50,000 price tag, the same cybercriminal offers a cheaper deal for $70: a package comprising an individual’s ID documents, including the selfie.

Variety in underground marketplaces

Trend Micro also monitors underground marketplaces, and the inclusion of some products and services in cybercriminal offerings proved to be notable because they don’t involve the usual cybercrime-as-a-service tools for threats such as malware and DDoS.

The Russian and Chinese underground markets trade stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of freebies, discounts, and rebates in the form of coupons, among others. These stolen accounts can allow a cybercriminal to tour the world for reduced prices of up to 50 percent.

Meanwhile in the Middle Eastern and North African Underground, Supervisory Control and Data Acquisition (SCADA) port numbers were shared for free.

Moving away from underground elements

To protect personal information that can be stolen and traded in these underground markets, users should manage what they share online and learn how to defend against phishing attacks.

Businesses should coordinate with law enforcement agencies when they discover suspicious and malicious transactions. Doing so can empower legislators to strengthen their policies against cybercrime. In addition to that, businesses should ensure the privacy, security, and integrity of the gateways, endpoints, networks, servers, and other infrastructure used to manage their business processes.

