Technology
Surge in Stolen Singaporean Digital Identities on Dark Web, Prices Start at $8: Cybersecurity Report
Published On Tue, 09 Jul 2024
kartik kumar
0 Views
Hoping to make quick money from an advertisement promising fast cash, Reign Lee Jing Yu handed over his Singpass account details to open bank accounts for a payment of $8,000. Instead of receiving the money, his account was used by scammers to launder $220,000, as reported by CNA in October 2023. At 21, he faced charges under the Computer Misuse Act for disclosing his Singpass password for wrongful gain. His case illustrates how cybercriminals exploit stolen identities for illegal activities, according to a June 26 article by California-based cybersecurity company Resecurity.
The article highlighted the increasing trade of Singaporeans identity data on the Dark Web, with prices as low as $8. By mid-2024, mentions of Singpass on underground forums and sales by these vendors had surged by 230% compared to 2023. The stolen data often includes biometric information and templates for official documents. Resecurity identified key vendors selling stolen Singaporean identity data in October 2023 and noted the large volumes of compromised data for sale by June 2024. The firm recovered over 2,000 compromised Singpass accounts in June and alerted the victims.
Shawn Loveland, Resecuritys COO, clarified to Lianhe Zaobao that these data breaches were not due to Singpasss security but rather the online behaviors and lack of awareness of the victims. The Straits Times reported an increase in Singpass credential thefts, often under the guise of job screenings. Telegram groups have been found offering to buy and sell Singpass accounts, with clean accounts priced between $6,000 and $12,000 and dirty ones around $3,500. Personal bank accounts are sold for $800 to $2,400.
GovTech, responding to AsiaOne, acknowledged the illegal sales and emphasized ongoing efforts to enhance Singpass’s security. They urged users to remain vigilant, keep their systems updated, and use strong passwords. Users could face criminal charges if they knowingly disclose their Singpass credentials for illegal activities.
Disclaimer: This image is taken from GovTech.