Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 8 February 2010 14:09

Cybercrime evolution means value of stolen credentials now determined by Internet service - Imperva

Psst, wanna buy Twitter credentials for $1,000 – Hotmail only $1.50...

Sydney, February 8, 2010. The rapid evolution of Web 2.0 services and the parallel world of cybercrime are driving a revolution in the price that criminals charge each other for user credentials, says Imperva, the data security specialist.

The price of a file of user credentials - known as a 'dump' in hacking circles - depends greatly on the Internet service(s) where they can be used, says Amichai Shulman, the firm's chief technology officer.

"Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters," he said.

"Today, however, there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application, and the 'popularity' of the account in question," he added.

This is clearly illustrated by the 'going rate' of $1.50 for a Hotmail account, and $80.00-plus for a Gmail account. As a service, Hotmail has fallen out of favour with serious Internet users, while Gmail's all-round flexibility means it is a central service for business users, he went on to say.

According to the Imperva CTO, this means that Gmail credentials can also give access to a range of Google cloud services, including Google Docs and AdWords accounts.

Google Docs, he explained, can contain valuable additional information on the legitimate owner, while an AdWords account can allow criminals to manipulate existing and trusted search engine results.

And it's a similar story with Twitter accounts, but with the added dimension of the immediacy of a rapid-fire social networking connection, said Shulman. This is almost certainly the reason why some newswires were reporting earlier this week (http://tcrn.ch/cFN21T) that Twitter had blocked the accounts of some users while they changed their passwords.

"Twitter accounts are valuable to criminals who will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities," he said.

"If this isn't a wake-up call to anyone with multiple IDs that use the same password, I don't know what is. Internet users - especially those with business accounts - need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials," he added.

For more on the $1,000 Twitter accounts story: http://bit.ly/dAxjqz

For more on Imperva: http://www.imperva.com

About Imperva

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.

Media queries

Grenadine Lau, Imperva
Phone: +65.6749 4482
Mobile: +65.9666 1886
Email: Grenadine.Lau@Imperva.com

David Frost, PR Deadlines Pty Ltd, for Imperva
Phone: +61.2.4341 5021
Mobile: +61 (0) 408 408 210
Email: davidf@prdeadlines.com.au
