- Статьи
- Internet and technology
- The economics of leaks: how stolen personal data gets back into the hands of scammers
The economics of leaks: how stolen personal data gets back into the hands of scammers
Cybercriminals massively resell data from old leaks, passing them off as the results of new hacks. A full-fledged economy with its own rules and participants is being formed around long-published databases. This trend creates additional risks for people whose information has been compromised. The main risk is that the "old" data does not lose value, but becomes part of a person's digital profile, experts say. Even long-standing databases, past passwords, phone numbers, and addresses are used to create more accurate attack scenarios. Details can be found in the Izvestia article.
The danger of past leaks
A system of re-monetization of outdated leaks has developed in the shadow market of digital data. A trend noticeable on the shadow sites of the dark web was discovered in Positive Technologies. Cybercriminals find databases that were published months or even years ago. Then they put them up for sale, accompanied by loud statements about the new compromise of personal information. Some members of the shadow community do not verify the origin of the databases and are willing to pay for information that is already freely available. At the same time, the cost of one data set can reach several thousand dollars.
Last year, according to F6, more than 767 million lines with users' personal data entered the public space. According to Roskomnadzor statistics, 118 cases of personal data databases compromise were recorded in 2025, and more than 52 million records appeared on the Network. In 2024— there were 135 leaks, over 710 million records.
According to a Positive Technologies study reviewed by Izvestia, messengers are becoming the key channel for generating demand for compromised information and its re-sale. The income from the resale of old databases can be quite significant. One of the administrators of the channel with leaks admitted that he earned about $ 130 thousand in a month.
"The problem is that even if the leak occurred several years ago, the information contained in it can be used to prepare new phishing attacks, compromise, or for primary intelligence," Dmitry Streltsov, a specialist at Positive Technologies International analytics group, told Izvestia.
The main risk is that old data does not lose value, but becomes part of a person's digital profile, warns Yuri Tyurin, Technical Director of MD Audit (Softline Group shareholder).
"Even outdated databases, old passwords, phone numbers, and addresses are used to create more accurate attack scenarios," he notes.
Attackers combine them with new leaks, forming a complete picture: habits, connections, financial patterns. For the user, this means an increase in targeted attacks: not mass spam, but personalized phishing, calls from the bank, and attempts to hack accounts through access restoration.
The accumulation effect has become a separate risk — a person can already forget about the old service, but his data continues to work against him. Reputation and privacy are also affected: old data can be used for blackmail or social engineering. As a result, the problem shifts — it is not the leak itself that is dangerous, but its "long life" and reuse, Tyurin emphasizes.
What harms the leak economy?
For most people, the growing economy of leaks is dangerous because more and more intruders will use the personal data contained in the databases to carry out fraudulent activities. Having gained access to personal information, attackers will be able to use it to inspire confidence in themselves. This strategy is already being used by phone scammers: during conversations, they mention the victim's data obtained from leaks, for example, date of birth or place of work. Thus, they create a convincing impression that they supposedly have official access to closed databases, while in fact personal information is obtained from leaks.
There is another example — by gaining access to merged databases, malicious cyber groups can compose well-worded phishing emails mentioning personal information. Its presence in such emails may more strongly encourage the victim to click on a phishing link or open a malicious file from an attachment.
— The problem is that with the development of artificial intelligence, it is becoming easier for attackers to compose such letters. And it is possible that in the future they will have tools based on artificial intelligence technologies that will independently analyze leaks, extract information about people from them and based on it in a matter of seconds, compose and send phishing emails with minimal human effort," warned a senior expert at the Global Center for Threat Research and Analysis (Kaspersky GReAT) Georgy Kucherin.
A lot of Internet users constantly leave behind an active "digital footprint". By posting data on social networks and filling out questionnaires on websites, they post a lot of information about themselves online, both public and private. The leaks that occur lead to the fact that personal information is actually shared. As a result, information about a person that is considered very personal can become available to almost anyone on the Internet: for example, residential address or information about a close social circle.
Many people have a naive stereotype that no outsider will be able to obtain such information. Most likely, in the near future this myth will be destroyed, and people will perceive the availability of publicly available personal information about themselves as a given.
The new reality
Many people sincerely believe that once the leak occurred five or ten years ago, then there is nothing to worry about. The main danger of the "leaked data economy" for the average person lies in its accumulative nature. As a rule, no single compromise causes critical damage: the address from the old questionnaire, the phone number from the merged database of the fitness application, the date of birth from the information of the online store - each fragment looks harmless in itself. But, according to Yuri Tyurin, "data archaeologists" earn precisely by gluing these fragments from dozens of sources into a single, detailed portrait of a person.
As a result, real-life monetization mechanisms for leaked data turn the average consumer into a "living resource" for fraudsters. Moreover, the damage is often delayed in time and is not always immediately obvious. It's not just one particular leak that is dangerous for people, but the normalization of the market for their personal information itself, where each new data theft increases the risk of losing finances and reputation.
Since it is impossible to delete information from the Network without a trace, we need to learn how to live in a new reality, accepting the fact that intruders know much more about us than we think. The most effective way out is to transfer the information security concept of zero trust (a cybersecurity model based on complete distrust of any entity both inside and outside the company's perimeter) to personal security, says Mikhail Marchenko, head of information security at T1 Cloud Infrastructure.
Humanity is moving towards a model where data is considered "compromised by default," Andrey Kuznetsov, CEO of RuBecap LLC, is convinced. This changes the approach: protection is based not only on saving data, but also on minimizing damage if it leaks. For cybersecurity, this means the transition to permanent verification (zero trust), the abandonment of passwords in favor of multifactor authentication and biometrics, as well as a shorter data lifecycle.
Переведено сервисом «Яндекс Переводчик»
