According to a number of security researchers, the sale of stolen information and credit cards often takes place completely underground in secret credit forums, where hackers exchange or sell data. These forums are closed to the public, and people who join the groups are vetted by forum administrators to ensure they are not from law enforcement.
Posts on the forums usually list the type of information for sale, including names and addresses associated with the cards, and a price that can be negotiated. Once someone agrees to buy the information, the transaction takes place out of the forum in a secret chat room, usually using a private and secure I.C.Q. room.
Mr. Stevens said stolen credit cards usually sold for about $5 to $10 online, yet the prices vary based on the amount of information supplied with the card data and the account limit.
Hackers who claim they are responsible for the Sony breach wrote on underground forums last week that they had access to over 2.2 million credit cards. If these millions of new stolen cards were sold online, the price could fall to well below the standard rate to as low as $1 or $2 each.
To make matters worse, Sony said Monday that another server had been affected by the breach last week and as many as 12,700 credit and debit cards could have been stolen during the attack.
Bookmarks