According to Experian, 19.7 million pieces of personal information were illegally traded online in the first six months of 2012 -- that's more data than was traded online in all of 2011, when 19.04 million personal records were traded.
"Data are sold by hackers on auction-like black market sites, where information to authenticate credit card accounts sells for $1-$30 an account depending on the card credit limit. Passwords for email accounts sell for $1-$20," writes The Financial Times' Maija Palmer. "About 90 per cent of illegally traded personal data involves the combination of an account name and password, Experian said."
"The publication of the figures coincides with the start of [the UK's] National Identity Fraud Prevention Week, which the company has also marked by releasing the results of its Life In A Box experiment," writes IT PRO's Caroline Donnelly. "The initiative was designed to shed light on people’s online security habits by placing a volunteer in a shop front for a week with nothing more than a laptop. The volunteer, Steve, was set a number of online challenges to test the strength of the password and username combinations he used and how easy it was to uncover personal information about him online."
"The experiment found that although Steve showed himself to be a savvy web user, like many people he made basic security mistakes in his hurry to get things done," writes TechEye's Andrea Petrou. "This included using the same password across multiple accounts, failing to update his web browser to a newer, more secure version, and he didn’t check that websites were secure by looking for the padlock icon when making online purchases. From this, Experian said it was able to deduce that all of the eight temporary email addresses used by Steve were taken over within five hours, with the majority of credentials hijacked within five minutes."