Stolen data of 3,000 Irish people sold on bot markets, study claims

8 Dec 2022

Image: © Bits and Splits/

The report claims that hackers are selling data packets that include the passwords, cookies, digital fingerprints and other personal information of affected users.

At least 5m people globally have had their online data stolen and sold on “bot markets”, according cybersecurity company NordVPN.

The company’s report claims that around 3,000 of the affected people are from Ireland, while around 46,000 people have been impacted in the UK.

Bot markets are online marketplaces that hackers use to sell data they have stolen from the devices of their victims through malware.

NordVPN said the data is usually sold in packets that include passwords, cookies, digital fingerprints and other information that can help establish a digital identity.

CTO Marijus Briedis said bot markets are different from other dark web markets because they get “large amounts of data about one person in one place”.

“After the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” Briedis said. “A simple password is no longer worth money to criminals when they can buy logins, cookies, and digital fingerprints in one click for just €6.”

NordVPN said it analysed three major bot markets that were accessible on the surface web, compiling the data with the help of third-party researchers.

Common data being sold on these markets included cookies and login details. For sale on the markets analysed, researchers found 667m stolen cookies, 87,000 digital fingerprints, 538,000 auto-fill forms and 26.6m logins.

These login details included 720,000 from Google accounts, 654,000 from Microsoft accounts and 647,000 Facebook logins.

Hackers were also found to have taken screenshots from devices infiltrated with malware. NordVPN said the most popular types of data-stealing malware included RedLine, Vidar, Racoon, Taurus, and AZORult.

Details of a person’s digital fingerprint include screen resolution, device information, browser preferences and other information that makes a user unique. This data can be used by hackers to help seem like an authentic individual.

NordVPN said these bot markets offer various ways for a victim’s data to be exploited, such as by connecting to someone’s Facebook account to send malicious content to other users.

The company said more sophisticated criminals buy this information to target businesses with phishing attacks by impersonating employees.

Briedis said people should use antivirus software “at all times” to keep themselves protected online. He also suggested measures such as password managers and file encryption tools, to ensure that “even if a criminal infects your device, there is very little for them to steal”.

Earlier this year, a survey claimed that roughly 90,000 Irish SMEs had data stolen over a 12-month period, while more than 40pc of the data was permanently lost.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic