An online marketplace called Richlogs is selling – well, you.
The study claims that since April, the site has been selling packages that include a victim’s IP address, time zone, device information, and lots of other data that get logged into their browsers.
And, says the firm, that’s easily enough information to let the buyer convincingly assume that person’s identity online, and in theory at least therefore access as much of the victim’s personal data as they wanted, including their bank details – or, as it puts it,
“These sites enable the purchaser to impersonate a legitimate online user and circumvent standard security protocols, offering full credentialed access to any site that was stored in the victim’s browser. This includes Gmail, Facebook, bank accounts, credit cards, government tax sites, and confidential work sites.”
You might also like
Richlogs isn’t even the first to try and offer this ‘service’ – in November 2018 another site, Genesis, was unveiled, says the study, Digital Browser Identities: The Hottest New Black Market Good.
What’s even more disturbing is that the two sites use a new form of malware, or stealers, that have been “specifically designed to collect digital fingerprints and artifacts”.
These stealers not only steal credentials but also harvest many other data points to help them create the most accurate impersonation of the victim, warns the company:
“Digital identities, as they are sold on Richlogs and Genesis, offer the whole digital fingerprint of an individual on a plate, providing endless opportunities for fraud, scams, theft, and access to the victim’s personal life.”
The study suggests some sensible and practical ways to head these dangers off, including consistently and cleanly purging your cookie history, and we recommend readers check out the suggestions for their own protection immediately.