UPSURGE IN ONLINE PERSONAL DATA THEFT (+56.3% VS 2020). TELEGRAM INCREASINGLY USED FOR SHARING STOLEN INFORMATION

2021-11-10

For credit cards, 94.5% of the cases detected on the dark web include full card details with CVV number and expiry date, and in half the cases the cardholder's first and last name are also correctly matched.

Approximately half the stolen accounts are linked to entertainment sites, mainly gaming and online dating.


The pandemic has provided more opportunities for hackers, with a further acceleration of criminal activities in 2021.

Data from the CRIF Cyber Observatory confirms that in the first half of this year, over 1 million alerts were received from users regarding an IT attack on their personal data, an increase of 56.3% compared to the previous survey.

In particular, the analysis focuses on alerts relating to information found on the dark web (i.e. a set of web environments that do not appear through normal Internet browsing activities and require specific browsers or targeted searches), within which billions of records are illegally circulating. In the first half of 2021, we saw an 18% increase in data found on the dark web compared to the second half of 2020. It is precisely in these environments that the largest amount of information obtained through cyber fraud is found. In Italy, 72.9% of users were alerted in relation to data found on the dark web, compared to 27.1% alerted in relation to data found on the public web (open web).

The environments in which the largest amount of stolen data is exchanged are forums, blogs and messaging platforms. In addition to specific search engines (e.g. TOR, DuckDuckGo), Telegram in particular is increasingly becoming a kind of virtual meeting place for hackers alongside the dark web, with the same purpose of sharing personal data, such as lists of stolen e-mail addresses and passwords.

"A huge amount of data is circulating on the dark web in relation to unsuspecting citizens, who run the risk of being the victim of identity theft and online scams. However, the level of knowledge and awareness of large sections of the population is still very low and even minimal forms of protection are not adopted, such as choosing sufficiently complex passwords, not using the same password for several accounts and changing it frequently, and storing credentials safely and not sending them by e-mail or text message. Hackers are getting more and more aggressive and users need to defend themselves by adopting good practices to make life more difficult for them," commented Beatrice Rubini, Executive Director Personal Solutions at CRIF.

 

THE MOST VULNERABLE DATA CIRCULATING ON THE DARK WEB

According to the CRIF Observatory, the personal data that predominantly circulate on the dark web, and are therefore most exposed to the risk of attacks against unsuspecting victims, are passwords, personal or company email addresses, usernames and telephone numbers. In the first half of the year, first and last names were also among the top five most vulnerable data.

This valuable information could be used to commit fraud, for instance through phishing or smishing. However, there are also exchanges of financially relevant data, such as credit card details and IBANs. 

Looking at the main combinations of data intercepted on the web, there has been a marked increase in the number of cases where full credit card details appear correctly matched with the cardholder's first and last name (56.4% of cases in the first six months of 2021 compared to 20.8% in the previous six months). This clearly exposes cardholders to a high risk of suffering fraud or unauthorized transactions.

Similarly, in almost 9 out of 10 cases the matching of usernames and passwords was intercepted, resulting in a very high risk of intrusion into victims' secure areas.

 

| Main data combinations | 2nd half 2020 | 1st half 2021 |
|---|---|---|
| Email + Password | 96.32% | 96.66% |
| Phone number + password | 47.23% | 49.32% |
| Full credit card (with CVV number and expiry date) | 98.60% | 94.48% |
| Username + Password | 84.68% | 89.02% |
| Full credit card + First and Last Name | 20.81% | 56.40% |
| Phone number + First and Last Name | 18.71% | 50.63% |

Source: CRIF Cyber Observatory

 

The Observatory's findings also highlight that, in the first half of 2021, the cards found on the dark web are mainly debit and prepaid cards, with around 70% of cases in Italy. However, personal data can also be found on the open web. In this case, in the first half of 2021, users in Italy were alerted about their e-mail address (in 58.2% of the data collected), tax code (37.6%), phone number (1.9%), username (1.7%), and address (0.5%).

 

MOST COMMONLY USED PASSWORDS

Globally, in first place in the top 10 most used passwords in the first half of 2021 is "123456", followed by "123456789" and "qwerty", as in the previous six months. A change can be seen in the bottom positions of the top 10, where "qwerty123" overtakes "1234567890".

 

TOP 10 1st half 2021

| Rank | Password |
|---|---|
| 1 | 123456 |
| 2 | 123456789 |
| 3 | qwerty |
| 4 | Password |
| 5 | 12345 |
| 6 | 12345678 |
| 7 | 111111 |
| 8 | qwerty123 |
| 9 | 1234567890 |
| 10 | 1234567 |

 

"These are very simple combinations of numbers and letters that are easily intercepted by hackers and therefore highly vulnerable. On the other hand, the use of such basic passwords reveals the inexperience or laziness of some web users, who often do not follow the most basic rules to protect themselves from attacks, for example by choosing long and different passwords for each important account, with combinations that have no link with personal information. To limit the spread of this sensitive data, it is important for users to activate two-factor authentication where possible, to prevent hackers from accessing accounts even after having discovered the username and password. It is equally important to pay the utmost attention to the use of public Wi-Fi networks, where even the most secure password could be intercepted, and to the risks associated with storing credentials on public or shared computers," explained Beatrice Rubini.

 

THE MOST HACKED ACCOUNTS AND WHAT THEY ARE USED FOR

Stolen credentials can be used for a variety of unlawful activities, such as hacking into victims' accounts, misusing services, sending emails with requests for money or phishing links, and sending malware or ransomware in order to extort or steal money.

Through a qualitative analysis of the contexts in which data circulates, the CRIF Cyber Observatory was able to categorize the accounts according to the purpose of use.

 

  • Almost half of the accounts detected (46.6%) are related to entertainment, especially online gaming and dating. In addition, the phenomenon of e-sports (competitive organized online gaming) is growing and platforms require paid subscriptions. Theft of subscription accounts can lead to substantial financial losses.
  • Theft of forum and website accounts (20.8% of the accounts detected) was the second most common form of theft, and has risen sharply since the second half of 2020.
  • In the case of streaming service accounts (18.7% of the accounts detected), the risk of theft could also lead to direct financial consequences for the victims. These accounts can be resold and used illegally, e.g. they can be used without the account holder’s knowledge by other people: one way to notice this is if content we have never selected appears in the 'continue watching' section.
  • Theft of social media accounts (which account for 13.7% of the accounts detected) such as Facebook, Twitter, Instagram, and LinkedIn can lead to attempted fraud and identity theft with serious consequences for the victim.
  • Corporate databases account for 0.2% of the accounts detected.

 

| Most commonly detected accounts | 1st half 2021 |
|---|---|
| Entertainment | 46.6% |
| Forums and websites | 20.8% |
| Streaming services | 18.7% |
| Social media | 13.7% |
| Corporate databases | 0.2% |

Source: CRIF Cyber Observatory

 

MOST EXPOSED USERS

Analyzing the characteristics of Italian users who, in the first six months of the year, received at least one alert about a possible theft of personal data, the study shows that the age groups most affected are 41-50 and 51-60, with 27.1% and 25.3% of the total respectively, followed by the over 60s with a share of 24%.

Younger users under 30 are significantly less represented (only 6.5% of the total), perhaps due to their greater familiarity with digital environments.

As far as the gender breakdown is concerned, the majority of users who received an alert were men (64.2% of the total), while women accounted for just over a third of alerted users (35.8%).
