Cyber hackers could be trading the details of nearly 200,000 people in Leeds on the dark web in a bid to extort them for cash and goods, research from a specialist data firm has found.
Across the Leeds postcode, the personal data of 191,709 people is listed for sale on the underground marketplace, with the highest number being in LS6 (12,244), LS12 (12,065) and LS11 (10,419).
The illicitly obtained data - from email addresses and pictures to passport numbers and credit card details - is listed for sale on the areas of the internet which are encrypted and hidden from ordinary search engines.
Detective Chief Inspector Vanessa Smith, West Yorkshire Police head of cyber crime, said criminals typically target “the low-hanging fruit” - people who have low levels of cyber security.
She said people can be too relaxed about their personal details online, leaving them open to identity theft by doing things like using public WiFi when accessing their bank account details.
“On the dark web, there is information for sale all the time to the cyber criminal,” she said. “They can sell that and use your data in a multitude of ways.
“They would rather steal your data than £5,000 in cash because it is worth more.”
Personal data has become one of the fastest growing tradeable commodities online.
If criminals eventually gather enough information about an individual, they have the potential to open credit cards in their name, buy goods and transfer money.
Now the YEP, teaming up with London data firm C6, reveals a picture of the booming identity trade among the criminal underworld.
The data firm has employed expert staff to track the number of identities being sold on the dark web, with people’s email addresses and names traded through encrypted chat rooms.
“As consumers we have never really paid the price for fraud,” said Emma Mills, chief operating officer of C6, which runs the hasmyidentitybeenstolen.com website.
“We’re used to the banks picking up the credit and debit card losses, we don’t see the downside to ourselves of being careless with our personal information.”
Ms Mills said the spiralling amount of people at risk of being defrauded needs to act as a wake up call.
“We don’t clearly understand the impact of having our identities compromised and how long and painful it is to re-build that genuinely,” she said.
“It causes problems with applying for credit or any other form of account.”
Often the online marketplaces sell only partial information about an individual.
One site allowed users to bulk purchase Paypal accounts for one US dollar per account.
The store, which also purported to sell Ebay accounts, offered an 80 per cent working guarantee.
On its own, a person’s streaming service account details could be seen as innocuous, Ms Mills said.
But profiles can then be ‘enriched’, often over a series of months, or even years.
Once the identity is rich enough, fraudsters can open credit card accounts in a person’s name, buy goods and transfer money. They can also sell on the so-called’ full person profile’ in bulk.
C6, owned by Acuris, has been researching this type of data since 2002 and works by updating a database of known records being traded in the far reaches of the dark web.
Its website, hasmyidentitybeenstolen.com, allows users to see whether their address or data has been compromised.