- Hacker operating with leaks from Polish accounts
- We assume that the hacker has first access to the leak (purchasing data on the dark web) before the information reaches the public network
- The calculation is based on a popular recent attack involving Facebook account takeovers and Blik fraud
- We assume that an average active Facebook account has 30 friends using Messenger
- Of these 30 people, only 5% (1.5 people per hacked account) will, in good faith, transfer an average of 200 PLN via Blik (we know cases where “clicked” amounts were 2000 PLN).
Daily, several to several million sets of email + password from leaks of content providers, online stores, mobile apps, and games end up on the internet (and the less official part of the so-called dark web). Most providers, fortunately, store passwords in an encrypted form.
Let's make a preliminary calculation based on the metrics that we at Inveo analyze in our annual reports, to estimate how much could potentially be earned from such illegal activities.
We encourage you to play with the “hacker earnings calculator” and experiment with the assumptions.
We have initially used very cautious values.
Potential monthly earnings, working 2 days a week:
Annually:
It is clear that the potential benefits from illegal hacking activities, even with just one type of attack, excluding ransoms and further resale of data (e.g., Messenger or WhatsApp history), are colossal.
One must face the tough question: how much of the company's budget is allocated for data protection?
We will be blunt—if someone believes that an antivirus costing a few dozen PLN annually ensures security, they are deceiving themselves.
For hackers, the best “client” is someone who thinks they are secure.
IT departments and independent IT professionals are responsible for ensuring continuity and implementing processes supporting business operations. We cannot expect them to dedicate all their time and knowledge solely to data security tasks like hackers do.
Additionally, we believe that external parties who have no conflict of interest with the IT department should also pay attention to data security.