Stolen data from the massive United States OPM hack is being sold on Dark Net underground forums for as high as $10 a set racking up a total of $140 million for the hackers
While exactly how much data was compromised in the OPM hack is still under scrutiny. Earlier news sources indicated that confidential information of around 4 million federal employees was hacked but now, latest news suggests that, the hackers who breached the US Office of Personnel Management accessed a second set of even more highly sensitive data. This may make it, perhaps the most biggest hacking incident in the history.
To understand what hackers stole, we have to look at the Standard Form 86 which is to be filled by everyone applying for National Security Positions in United States of America. Civilian employees have similar form to be filled. On Friday, it was revealed that all of the data on Standard Form 86— filled out by millions of current and former military and intelligence workers— is now believed to be in the hands of Chinese hackers.
Why is data so important?
The data which may be in the hands of alleged Chinese hackers may be worth $140 million if sold on the Dark Net according to Vocativ.
The Vocativ report says that some of the stolen data from OPM hack has already surfaced on the biggest marketplaces on the Dark Web.
The report says that among the Dark Net marketplaces which are listing the OPM hacked data are Agora, Alpha Bay and Nucleus. The stolen data is being sold in the range from 50 cents to $10 per data set, depending on the number of sets purchased.
Vocativ says that some sellers on the Dark Net were offering the sets in bundles of several thousand, at prices as low as 50 cents a set while others were offering a single set of personal information for $10 apiece.
A typical data set includes a person’s Social Security number, address, phone numbers, gender, date of birth, race, marital status and ethnicity which is enough to steal someone’s financial identity.
Vocativ also noted that some of the sellers on Dark Net used the phrase “updated 4.22,” on their wares to be sold indicating to the 4.2 million people affected by the breach. However some sellers were marking their stolen goods as “new DB added,” with “DB” referring to a database. It is unclear whether this means a new DB of additional compromised data.
On Friday, a Congressional official with knowledge of the investigation into the breaches said that the number of people whose information was compromised is likely to be closer to 14 million than 4.2 million. A back of the hand calculation indicates that the stolen data available for sale on the dark net underground forums could yield a whopping $140 million to the OPM hackers.