
Weaponized Data Breaches: Identity-Based Attacks Increase Digital Risk Across the Globe


Findings from Constella’s latest breach report show the number of new identity records and depth of personal information is expanding, creating a blueprint of our digital identities for threat actors to weaponize.

Thus far, the year 2020 has been and will continue to be historic, to say the least. COVID-19 has plagued the entire globe, and in the U.S., the momentous presidential election is right around the corner. The confluence of large-scale events that cause feelings of uncertainty, combined with persistent cybercriminals looking to exploit vulnerable populations, has led to an increase in cyber-attacks during the past several months.

Cybersecurity is certainly not at the forefront of most people’s minds as we navigate these strange times, but unfortunately, cybercriminals are not taking a break while the rest of the world is on pause. Because of this, it is important we understand what’s happening in the world of cybersecurity so that we stay one step ahead of malicious actors in the coming weeks, months, and years.

To provide insight into the latest trends in cybersecurity, we released our 2020 Identity Breach Report, “Weaponized Data Breaches: Fueling Identity-Based Attacks Across the Globe.” Our most salient findings are outlined below:

Notably, this past year, we observed an increase in big data packages with confidential documents circulating in underground communities, including bank statements, personal communication emails and messages, chat records, agreements, and contracts from government agencies, and more.

Additionally, last year we observed an increase in the percentage of breach packages containing identity information beyond just credentials.

This is concerning since consumers can easily change passwords but cannot change many of their identity attributes. Today’s threat actors are collecting and correlating PII from various sources: breaches, leaks, social media, and publicly available information, to create identity-based profiles and perpetrate more severe crimes.

“2019 saw a 10% increase in emails and passwords contained in data breaches compared to 2018 and a 14% increase in PII.”

Cybercriminals are also re-releasing big combo breach packages containing aggregated emails or usernames and associated clear-text passwords, and combining them with data from newer, large-scale breaches. Every time these big combo packages surface, all of our exposed credentials recirculate, making the data increasingly accessible for malicious or criminal use, such as account takeover, Business Email Compromise, and other identity-based attacks. In January 2019, a combo package, “Sanixer Collections,” included 1.8 billion usernames and clear-text passwords. This single dump was topped only a few months later, in May 2019, by XSS.IS with 3 billion identity records.

Another key finding of the latest report is the continuous year-over-year rise of government breaches — a hot topic given the impending election and all that transpired during 2016’s election interference.

Constella saw over 356 million records exposed globally due to government breaches.

The U.S. has faced the largest number of attacks of any country, a signal that the U.S. government must take election security seriously. This is especially important now, given the electoral process may have to undergo significant changes due to the current pandemic.

From the various data breaches across industries and global regions, Constella found a total of 18.7 billion raw identity records circulating in underground communities in 2019 — a 25.5% increase from 2018.

After the curation and verification process, 4.2 billion were confirmed as new, authentic identity records.

This amounts to a 16.6% increase in real identity records.

When the Breach Economy is saturated with compromised data exfiltrated from unprotected government, enterprise, consumer, and market aggregation databases, nefarious actors have more power for a host of illicit activities including identity theft, financial fraud, and other cybercrime campaigns.

With increasing amounts of your personal information circulating in dark markets, you now may be wondering, how much does my identity data cost?

In this year’s report, we list the average prices for Social Security numbers, passports, drivers’ licenses, credit cards, and Tax ID Numbers, and give a breakdown of average costs by country and industry. Not surprisingly, of these identity record types, the average price for Social Security numbers is the highest, at $67, followed by passports, at $53.25, and drivers’ licenses, at $48. Tax IDs are the least expensive, at only $28.75.

As cybercriminals’ techniques continue to advance, so should our response and mitigation efforts. Instead of accusing breached companies, our governments should pass meaningful legislation to protect their constituents and provide incentives for organizations to appropriately respond to breaches. Companies should manage their own security risk posture and take responsibility for protecting their customers. By employing identity intelligence and attribution analysis and taking a proactive approach to unmasking nefarious actors, security operation leaders can keep up with ever-evolving cyber threats. On an individual level, consumers should use a password manager, sign up for identity theft protection services, and remain vigilant for suspicious activity.

At Constella, we continuously monitor the underground economy and collect and curate breach packages to alert consumers that their identities are exposed and that cybercriminals could weaponize the information to initiate new attacks. We also enrich this with identity data related to cryptocurrency wallets and marketplaces in the dark web, to help fraud analysts, financial crime investigators, and incident response teams investigate, unmask, and deter threat actors.

You can download our latest report, “Weaponized Data Breaches: Fueling Identity-Based Attacks Across the Globe.”

Interested in our work? Please contact us at To learn more about Constella, subscribe to our newsletter below.