Security & Fraud

Hackers Are Selling Data Plus Selfies

Hackers are apparently getting more visual with a recent data dump for sale on the dark web — including a selfie of each user.

According to a report in NextWeb, Sixgill, an Israeli dark web research company, discovered a data dump for sale on a big Russian language dark web format that includes a selfie of the users. “We came across an advertisement in a closed-access forum which is predominantly Russian where someone was selling 100,000 documents for $50,000,” said Sixgill’s Alex Karlinsky in an interview with NextWeb. “These documents include their ID or passport, proof of address, and unusually, a selfie.”

According to the report, this appears to be one of the first times that a selfie of the user was included in the data being sold. While selfies alone don’t have much value to hackers, the report noted that combined with other identifying information, it could enable hackers to potentially open up bank accounts and get credit under the victim’s name.  That’s because some banks are enabling customers to open up an account via uploaded documents — including a selfie that is then used to verify the identity. Its common, noted NextWeb, with FinTech banking platforms.

The seller of the data was selling it in small pieces that are affordable, Sixgill said, noting another hacker is selling identities in that fashion as well — with a person’s ID documents and selfie — going for $70 each. “The easiest way of obtaining a selfie is from phones that have contracted malware,” Sixgill’s Karlinsky said in the interview. “The other way would be to maintain a website that keeps private info from people, and/or to hack into such a website.”

While using a selfie to verify identification isn’t common, companies are embracing it more frequently in recent months. Take, which was launched in July, and does exactly what it sounds like it does — it allows a potential customer to simply submit a selfie and let technology estimate the subject’s age, weight and BMI. It is from Legal & General Insurance and is part of its effort to get people to take out insurance policies.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.