Passwords are key to your online identity. When hackers steal it, they mess up your financial information, business contacts, and reputation.
Whether you use the same password for most accounts or vary and change your passwords frequently, no one is 100% safe from all hackers. Acquiring passwords is more straightforward than most people think and hacking is big business, with multiple ways for thieves to steal your password and money.
Do you suspect your password has been compromised and wonder who took it or how it will be used? Perhaps you want to arm yourself with the information in advance. Follow along as we explain what happens when your password is stolen – who takes it, sells it, and where it goes.
How Hackers Get Your Password
Phishing scams used to be easy to avoid. However, as hackers recognize the gain of creating fake email and web accounts (whether through links, email addresses, or web pages), they have enhanced their skills.
One method is to send emails which looks legitimate until you check the actual web link or return email address. It is then you will notice a misspelling or drastically different address.
Other times, you’ll be asked to enter or confirm information (such as for your bank, PayPal, Amazon account, or social security administration details). You might go to a website which looks identical to the real site but is a fake copy meant to trick you.
Sometimes entire websites or companies are compromised by hackers. When this happens, a user’s password information is used, sold, or posted on the dark web. By the time you find out it’s probably too late.
Using free Wifi or sharing someone’s hotspot at a cafe, public location, or even when you’re at home can compromise your information. The hacker can use easy to access applications that will track and monitor everyone using that public Wifi. You will be unaware that they can now use or sell your password. Look up your username and accounts on Social Catfish.
What Can Hackers Do with Your Password?
The short answer is that – once accessed – your passwords travel far on the web.
First, the hacker will inventory all the stolen information to make it easy to use, share, and sell by placing it into a file.
Next, as the information is most commonly sold in bulk, the purchaser will pay more the newer the info is. According to Quartz online, purchasing I.D. number, address, name, DOB, and bank or credit information will sell from $1 to $450. The average (median) price is said to be just over $20.00.
Either the original hacker or the buyer will then comb through all of the information with a fine-tooth. They will highlight any highly desired information (such as birthdate, credit card details, address, driver’s license #, etc.) to find the most lucrative accounts.
This information is then turned into specific, detailed credit card information and sold to a broker, in bulk. The ‘broker’ sells this information to ‘carders’ who usually buy things online to avoid being caught.
They might make purchases through Amazon or buy gift cards. They will then spend these gift cards freely and sell the items they’ve collected (electronics, etc.) for additional cash.
This is not the end of the story:
Even after the first hacking and theft, these authenticated details and information will again be re-sold at a discounted bulk price. Or, the details will be posted on a dark web network like Tor Browser. Often most of the features have been used, or passwords changed, but thieves might still discover profits.
To Avoid This Happening to You
Use encrypted passwords, do not use the same password for every account, change passwords regularly (several times a year is a minimum, every three months is best), avoid unknown/shared/public Wifis or hotspots.
Do not use easy-to-guess passwords or let websites save your information. If you follow these steps, even if one password is hacked, your other accounts will be safer!