A cybercriminal is selling access to customer accounts from companies including Amazon, EE, Vodafone, Uber and Netflix - as well as offering tutorials on how to use these details - from as little as 34p.

Going by the name Courvoisier, the hacker is offering access to customers' account details allowing them to use services like Uber for free, or by using EE or Vodafone accounts to get access to free upgrades to the latest smartphones.

The accounts are being sold on Alpha Bay, a marketplace which sits on the dark web and is accessible only through a special piece of software such as the Tor browser where all communications are anonymised.

Prices for the account information ranges from as little as $0.50 (34p) for access to Netflix, up to $26.90 for access to an Amazon UK account. Over the weekend reports emerged of Uber accounts being sold for as little as $1 on Alpha Bay, but seller Courvoisier is currently selling access to "unlimited accounts" for $4.48.

Paying the asking price will give you access to login credentials (email and password). Using these online will give you access to the customer account information - including limited credit card details - as well as allowing you use the service to book free trips.

Uber accounts on sale on dark web
Uber account details on sale on dark web website AlphaBay from as little as $4.48 Screengrab


While purchasing Netflix, Uber, EE or Vodafone access will simply give you the login and password details, buying an Amazon UK account from Courvoisier will give you access to much more personal information, including credit card information, date of birth, address and banking details - however the seller does warn potential buyers:

"These materials were obtained from an Amazon campaign and the provided email + password SHOULD be valid for the cardholders' Amazon account login but WE DO NOT GUARANTEE the Amazon account login."

Dark web explained

The dark web is a section of the internet that is not indexed by search engines such as Google, and not easily navigated to using a standard web browser.

Accessing the dark web requires specialised knowledge and software tools. An example of this is content only accessible by using the Tor software and anonymity network, which while protecting privacy, is often associated with illicit activities.

The feedback however from those who have bought Amazon UK account details is overwhelmingly positive with the seller claiming to have 14 account details left to sell at the time of publication.

As well as selling access to these accounts, the cybercriminal is selling tutorials on how to go about using the stolen credentials, some of which, including one detailing how to use an EE upgrade package, are free of charge.

Positive feedback

Courvoisier is selling access to EE and Vodafone accounts which are eligible for an upgrade to a new smartphone> With the feedback from the 144 people who have purchased these credentials (costing $18) being almost entirely positive, it suggests the account details being traded are working.

It is unclear how these account details have been compromised. IBTimes UK contacted Courvoisier in an attempt to ascertain how these account details leaked, but at the time of publication we have not had a response.

IBTimes UK contacted all companies affected and Uber responded to say that it has investigated the claims and "found no evidence of a breach" but added that "attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report".

Vodafone UK accounts for sale on darkweb
Details of what you will get if you pay for access to a Vodafone UK account Screengrab

Phishing scam

A Vodafone spokesperson said the operator was looking into the matter and warned that it could be a social engineering scam:

"We are urgently investigating the matter to determine whether the claims of this illegal practice are correct. We strongly advise that no-one interacts with this group since it could be a scam to phish for banking details."

EE said it was looking into the matter while Amazon and Netflix have not responded to requests for comment.

Courvoisier moved to Alpha Bay after the sudden disappearance of Evolution from the dark web on 17 March when what was one of the popular dark web marketplaces was taken offline by the administrators with millions worth of bitcoin stolen in the process.