Cybercriminals have reportedly been found selling personal information of over 110,000 people from Edinburgh on an unspecified dark web marketplace. The sale is allegedly part of a wider underground identity trading scam. Email ids, passwords and credit card information have been leaked.
To make the sale more attractive, the dark web vendors have even reportedly offered money-back guarantees for bulk purchases. The cybercriminals also allegedly "guarantee" an 80% accuracy rate for the data being sold.
The Scotsman reports that London-based data firm C6 conducted an investigation to unearth the extent to which the scam has affected internet users.
The investigation found that a total of 115,333 cases of data relating to identities of residents of the EH1 and EH4 postcodes were most affected by the breach. There is no real way to pinpoint how many people have been directly affected by it. It is also unclear if the data was harvested as part a single breach or was accessed from multiple sources.
The identity of the cybercriminals behind the scam also currently remains unknown.
Identity theft requires a certain number of variables for it to be useful for hackers. With just the username and password, not much can be done, but over time, each of them can be slowly enriched with more information. This process takes anywhere between a few weeks and over a year.
Emma Mills, COO of C6, said: "We don't clearly understand the impact of having our identities compromised and how long and painful it is to re-build that genuinely – it causes problems with applying for credit or any other form of account."
Chief Inspector Scott Tees, Police Scotland Safer Communities, said: "Anyone who feels they have fallen victim to cybercrime in any form is always encouraged to come forward and report it to us."
He added: "If you suspect you have been targeted, please contact us on 101. The most effective way for people to protect their identity and avoid fraud online is to stay secure. Prevention is key."
In a survey released by Keeper Security Inc, it was found that 87% people use the same login ID and password for most of the sites they visit. In such cases, a hacker with a username and password could access multiple accounts at once. By simply clicking on the 'forgot password' option, it is possible for them to change or manage a number of accounts without the affected person even knowing about it.