According to a survey conducted by Kochi-based cyber security firm Technisanct Technologies Private Ltd, the country has seen a steady growth in data breaches, financial frauds, and identity theft through media, EdTech, and e-retail platforms.
The study, which examined 12,000 Over-The-Top (OTT), 7,500 e-retail and e-commerce, and 4,500 EdTech accounts over a five-month period from January to May 2021, discovered that Account TakeOver (ATO) on the dark web had increased by 90-100 percent.
ATO is a type of online identity theft in which a cybercriminal gains access to a victim’s bank, e-commerce, or OTT account, syphons funds, and uses the stolen credit or debit information or loyalty points to commit another cybercrime or fraud.
The majority of the crimes are committed on big brands in EdTech, OTT platforms, and e-commerce and e-retail applications, according to the study report.
The main reason for ATO, they discovered, is that many Indian users are still using passwords they used in 2014 for a brand that experienced a data leak at that time. According to the study report, since the lockdown there has been a tremendous demand for OTT usernames and passwords, and many of the credentials belonging to Indian brands are regularly stored for sale in Telegram and other dark web data sharing platforms.
Commenting on the development, Technisanct Founder & CEO Nandakishore Harikumar, said “Using the same password for the ease of use and many digital business companies not imposing two-factor authentication and not prompting to regularly change their login passwords, fearing that it could create a dent in consumer experience, actually exposes them to threat of ATO, credential stuffing and credential cracking,”
Hackers utilise credential information obtained from data breaches to get access to the victim’s other accounts in a credential stuffing attack. Hackers who use common usernames and passwords to guess their way into an account are known as credential crackers.
The study also discovered that OTT platforms, particularly premium accounts, were severely hit, and that the EdTech industry’s credentials are widely used on Telegram platforms. It recommends instilling the habit of using strong password protection measures, particularly among EdTech brand’s young customers.