An online marketplace called Richlogs is selling stolen digital fingerprints that include access to a person’s entire online presence or web activity.
Since it emerged in April, Richlogs has been selling packages that include a victim’s IP address, time zone, device information, and other data that are logged into their browsers. Basically, it’s enough data to let a buyer totally assume their identity online, according to a report published Wednesday by the cybersecurity firm IntSight. With that information, a buyer could also presumably access as much of the victim’s personal data as they wanted, including their bank accounts — a chilling level of access.
The kind of information being sold through Richlogs would give a buyer everything they needed to steal of assume someone’s identity online — with all of the passwords, logins, and other cached data, they would be able to perfectly impersonate someone’s online activity and bypass security.
Specifically, IntSight says attackers could use the data to hijack social media accounts, credit cards and other payment services, online shopping accounts, and basically anything else that requires a login and password could be compromised. As of when IntSight published its report, 1,105 accounts were up for sale on Richlogs.
According to the report, the digital identities sold on Richlogs “offer the whole digital fingerprint of an individual on a plate, providing endless opportunities for fraud, scams, theft, and access to the victim’s personal life.”