Security & Fraud

Hackers Are Selling Data Plus Selfies

Hackers are apparently getting more visual with a recent data dump for sale on the dark web — including a selfie of each user.

According to a report in NextWeb, Sixgill, an Israeli dark web research company, discovered a data dump for sale on a big Russian language dark web format that includes a selfie of the users. “We came across an advertisement in a closed-access forum which is predominantly Russian where someone was selling 100,000 documents for $50,000,” said Sixgill’s Alex Karlinsky in an interview with NextWeb. “These documents include their ID or passport, proof of address, and unusually, a selfie.”

According to the report, this appears to be one of the first times that a selfie of the user was included in the data being sold. While selfies alone don’t have much value to hackers, the report noted that combined with other identifying information, it could enable hackers to potentially open up bank accounts and get credit under the victim’s name.  That’s because some banks are enabling customers to open up an account via uploaded documents — including a selfie that is then used to verify the identity. Its common, noted NextWeb, with FinTech banking platforms.

The seller of the data was selling it in small pieces that are affordable, Sixgill said, noting another hacker is selling identities in that fashion as well — with a person’s ID documents and selfie — going for $70 each. “The easiest way of obtaining a selfie is from phones that have contracted malware,” Sixgill’s Karlinsky said in the interview. “The other way would be to maintain a website that keeps private info from people, and/or to hack into such a website.”

While using a selfie to verify identification isn’t common, companies are embracing it more frequently in recent months. Take, which was launched in July, and does exactly what it sounds like it does — it allows a potential customer to simply submit a selfie and let technology estimate the subject’s age, weight and BMI. It is from Legal & General Insurance and is part of its effort to get people to take out insurance policies.



Social distancing has changed eCommerce from a ‘want to have’ to a ‘must have’ for businesses, yet retailers could struggle to create convenient payment and refund experiences for their apps and websites, says Abdul Raof Latiff, head of DBS Bank’s digital institutional banking group. In the April 2020 B2B API Tracker, Latiff explains how banks can provide a timely assist via application programming interfaces (APIs) that integrate payments into those eCommerce platforms.