From Wired comes this story:
Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it’s been bought and sold in a black market made up of fraud artists and spammers, security experts say.
The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included.
That bit of news is, no doubt, making its way throughout media outlets around the country today. What I find interesting, however, is the discussion of how this information is thought to being used, in the sense of how the phishing/scam industry makes its money:
Independently, Wired News found that entries from the smaller cache are listed as mortgage leads on a spammer community site, specialham.com. (The website’s homepage offered no contact information and Wired News was unable to reach the registered owner of the domain, one “Juice Wobble.”) This suggests that the database was marketed as a lead list for outside businesses. “I can attest to the fact that this goes on with phishing groups,” says James. “They break in and steal leads and then sell those leads to (black market) leads companies, who resell them to legitimate companies, and sometimes the same companies they stole them from.”
I’ve seen how much entities like mortgage brokers are willing to pay for leads. It’s no wonder that phishers have such a financial incentive to engage in activity such as this.
