A new study by IT security vendor SentryBay has unveiled worrying figures that show that a large number of ‘legitimate’ websites are misleading their users and passing on their personal information to third parties for considerable financial compensation.
Users who do not pay close attention to the terms and conditions of certain websites could be putting their personal information in the public domain, with could make them targets for identity theft in the worst case scenario, but may in any case lead to their data being used for advertising and marketing purposes.
SentryBay believes that in excess of 4000 websites with seemingly legitimate intentions and services are carrying out the increasingly common practise of selling on personal data harvested from their users without their knowledge.
A spokesperson for the firm told v3.com that the results had been gathered by analysing the data black market and comparing the information that is being bought and sold in order to establish a broad picture of what is going on and which parties are involved.
According to the report, over 40 million people have had their data illegally sold on, often to cybercriminals who can then use it to steal identities and make untraceable purchases online. It is possible to track the movement of the sold data forwards and backwards and it was this capability that allowed the authors of the report to trace the path of the data, which in many cases originated from innocent-looking websites.
Many websites stipulate that they will be allowed to sell on personal information of their users in the small print and in the first instance most sell the data on to other moderately scrupulous sites. However, once it has left the hands of the original source there is no way in which they can control it and thus private data can quickly end up in the hands of criminals.
It has also emerged that the criminal fraternity is being forced to adapt in the face of increasingly effective anti-fraud systems used by financial institutions to protect their customers’ information. It is possible for criminals to build a complete identity from smaller pieces of personal data collected online in order to bypass mainstream protection mechanisms.
