Hackers stole personal data of potentially thousands of women shopping for plus-size clothing and are now auctioning it off online. The hack is unusual but “worthwhile” as this type of data is generally used for targeted advertising and phishing campaigns.
A Message that Resonates
The hack was uncovered by cybersecurity firm DynaRisk following a breach that might date back to August this year. “This is not something we come across every day, and this is really uniquely terrible”, CEO Andrew Martin told Business Insider. “Most cybercriminals will find a list of 500 million hacked email addresses and they will bombard them with spam, but they don’t know what to send them. In this case, they know a message that might resonate with these women.”
Sending the right message to the right person at the right time is the main goal of any advertising campaign. Companies pay top dollar to gather enough data from customers and potential clients to be able to do so. In this case however, the aim is more likely spamming, scamming or phishing. The list of possible fraudulent products and services with which to scam people using this data is endless: false weight loss supplements, gym equipment, personal training, plus-size apparel, healthcare products, plastic surgery, etc.
For Sale on the Dark Web
According to posts made on dark web hacker forums, which were obtained by DynaRisk, hackers are discussing selling the personal data to third parties and have already solicited bids online. It seems mostly US women are the victims with their personal details having been sourced illegally from women’s clothing websites.
While the data may be sold on to other cybercriminals, it is also possible that a legitimate company might be interested. They might not even know (or don’t want to know) that the data was obtained illegally when it is sold through a data broker.
The amount of voluntary data sharing that occurs when shopping online is great. Nonetheless consumers have the right to expect that companies wouldn’t make their personal data available to third parties in whatever shape or form. Unfortunately, however, data breaches do occur. Even when businesses are taking cybersecurity measures.
Knowing how much personal information is worth in the data economy, people in the future might think twice about how much they decide to share online.