3 min read

US Authorities Shut Down SSNDOB Marketplace Selling Data of over 24 Million People

Radu CRAHMALIUC

June 08, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
US Authorities Shut Down SSNDOB Marketplace Selling Data of over 24 Million People

The US Department of Justice has shut down SSNDOB, a popular darknet marketplace for trading compromised Social Security Numbers, dates of birth, credit card numbers, and other sensitive personally identifiable information (PII).

Thought to possess the stolen PII of over 24 million Americans, SSNDOB operated using at least four related domains: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz." It employed a series of complex tactics to avoid attacks from competitors and crackdowns by authorities.

Cybercriminals routed operations through other countries

The cybercriminals used bitcoin for payments and routed traffic through servers in Cyprus and Latvia, which meant the joint task force assigned to halt the operation, which included FBI and IRS agents, had to work closely with their European counterparts.

“Identity theft can have a devastating impact on a victim’s long-term emotional and financial health,” said Special Agent in Charge Darrell Waldon from the IRS. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised.”

A multimillion-dollar business

According to blockchain analysis firm Chainalysis, SSNDOB started receiving bitcoin payments as early as 2015 and had revenue of over $22 million. Moreover, it seems to have had a close partnership with defunct darknet marketplace Joker Stash, to which it sent a payment of $100,000.

A Bleeping Computer investigation also revealed that much of the data SSNDOB had come from hospital data leaks.

Brokering criminals

Marketplaces like SSNDOB operate on the darknet and broker the buying and selling of personal information, usually acquired through data breaches and data leaks or directly stolen from the rightful owners. The data is then sold to other criminal groups that use it for identity theft, credit card fraud, forged documents, all kinds of scams, and even international terrorism.

For example, just by knowing your name and Social Security Number (SSN) a criminal can open a credit card or take out a loan, they can open a new phone account, can get medical care in your name, get a driver’s license, or even claim your tax refund.

What can you do?

Because much of the personal data linked to you can’t be changed or is very difficult to change (SSN number, date of birth, biometric data, address, name, etc) it’s always better to prevent data theft than to deal with its aftermath.

  • Don’t give away personal information to everyone asking for it. Lots of websites and services suffer data breaches. Only share what is needed with entities you trust. Additionally, be wary of people contacting you through email, messages, or phone calls and asking for personal information like your SSN, date of birth, address, or financial details.
  • Freeze your credit. A credit freeze, also known as a security freeze, is the best way to help prevent new accounts from being opened in your name. You can then unfreeze your credit if you really need to apply for credit.
  • Don’t store or share unprotected documents containing personal information. They can be stolen or intercepted if someone gains access to your device. Consider installing a dedicated security solution to keep your devices malware-free and a VPN (Virtual Private Network) to secure your connection and data transfers.
  • Always destroy physical documents that contain personal information before throwing them in the trash. Criminals could easily get it by dumpster diving.
  • Consider employing the help of a service that can manage your online footprint. Bitdefender Digital Identity Protection lets you know if any of your personal information has been exposed, including your Social Security Number, and constantly scans the dark web for leaked data so you can take the right actions to protect your digital identity.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits
Silviu STAHIE

January 31, 2023

1 min read
Hackers steal 10 million customer details from JD Sports Hackers steal 10 million customer details from JD Sports
Graham CLULEY

January 30, 2023

2 min read
North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022 North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022
Silviu STAHIE

January 25, 2023

1 min read