BENGALURU (Reuters) – According to NordVPN, one of the world’s major VPN service providers, about five million people worldwide have had their data stolen and sold on the bot market, including 600,000 from India, making it the most impacted nation.
Hackers use bot marketplaces to sell stolen data from victims’ devices infected with bot malware.
According to the NordVPN study, stolen data includes user logins, cookies, digital fingerprints, screenshots, and other information, with the average price for a person’s digital identity put at 490 Indian rupees ($5.95).
NordVPN has been collecting data for the past four years, since since bot marketplaces were introduced in 2018.
For a long time, India has been concerned about cyber security. On Nov. 23, multiple servers of the All India Institute of Medical Sciences (AIIMS), a federal government hospital that serves ministers, politicians, and the general public, were infected, according to a senior police official.
The Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours on Nov. 30, a week after the AIIMS ransomware attack, according to the Times of India.
Indian cybersecurity regulations were only recently tightened, with the Indian Computer Emergency Response Team (CERT) requiring tech companies to report data breaches within six hours of becoming aware of such incidents and to keep IT and communications logs for six months.
NordVPN’s research looked into three main bot markets: Genesis, Russian Market, and 2Easy, and discovered stolen logins from Google, Microsoft, and Facebook accounts.
“What distinguishes bot marketplaces from other dark web markets is their ability to gather massive volumes of data about a single individual in one location,” said Marijus Briedis, NordVPN’s chief technical officer.
“And after they sell the bot, they guarantee the buyer that the victim’s information will be updated for as long as their device is infected by the bot.”
In their study, NordVPN researchers discovered 667 million cookies, 81,000 digital fingerprints, 538,000 auto-fill forms, numerous device screenshots, and webcam snaps.