https://www.asiaone.com/singapore/stolen-singaporean-digital-identities-sold-dark-web-8-huge-spike-such-data-being-offered
cybersecurity company Resecurity noted a 230 per cent jump in the number of underground sellers offering stolen identities belonging to Singaporeans.
PHOTO: GovTech
He was hoping to make a quick buck and the advertisement had promised "fast cash".
All Reign Lee Jing Yu had to do was give up his Singpass account details for them to be used in opening bank accounts and he would be paid $8,000. Not only did he not receive the money, his account was used by scammers to launder $220,000, CNA reported in October 2023.
The 21-year-old was dealt with under the Computer Misuse Act for disclosing his Singpass password for wrongful gain.
The case was cited as an example of how cybercriminals use stolen identities for illegal activities in an article posted by California-based cybersecurity company Resecurity on their website on June 26 this year.
A large number of underground sellers, the article revealed, have gotten their hands on identity data of Singaporeans and are offering them on the Dark Web for prices as low as $8.
By the end of the second quarter of this year, the number of such sellers have jumped by 230 per cent compared to the same period in 2023.
This increase was determined based on mentions of "Singpass" on the Dark Web — underground forums and communities, and invite-only Telegram groups — as well as sales records from underground sellers.
Stolen data includes biometric information such as fingerprints and facial data, as well as templates for passports, driving licences, utility bills and banking statements.
Resecurity noted that it identified several major underground vendors monetising stolen identity data from Singapore around October 2023. It also detected around June this year that "large volumes of compromised identity data" were offered for sale.
The cybersecurity firm also identified a number of cybercriminal groups "operating illegally under the guise of telemarketing or customer support services" that target Singapore citizens' personal data for criminal use.
In particular, Singpass accounts are utilised for scams, money laundering and identity theft - facilitated by the anonymity of the Dark Web.
In June, Resecurity recovered more than 2,377 compromised Singpass accounts from the Dark Web and notified the victims.
In response to queries from Lianhe Zaobao, Resecurity's chief operating officer Shawn Loveland clarified that data leaks have nothing to do with Singpass's security system. Instead, he said that the online habits and lack of awareness of the victims could have led to their information being released online.
Since Jan 1, the Singpass credentials of at least 219 people had been stolen under the pretext of job screening to open bank accounts, The Straits Times reported in May. This was a spike from the figure reported in March, when the police said there were at least 47 such victims since the start of the year.