Page 155 - Cyber Defense eMagazine RSAC Special Edition 2025
The journey begins with compromise. Cybercriminals use a blend of tactics to harvest personal and
corporate data:
• Data Breaches remain the most prolific source. In 2024, India witnessed an alarming rise in
targeted attacks against financial institutions, insurance firms, and healthcare providers. A single
breach at a medical diagnostics firm led to the exposure of over 5 million patient records, which
quickly surfaced on dark web marketplaces.
• Phishing Scams continue to be weaponized at scale. Fake emails, SMS messages, and even
job offers are designed to lure victims into handing over credentials or downloading malware.
• Malware Attacks are often embedded in pirated apps, infected websites, or unsecured Wi-Fi
networks. Once installed, they silently capture keystrokes, login credentials, and financial data.
• Credential Stuffing thrives on weak or reused passwords. Hackers simply automate login
attempts using data leaked from previous breaches—often with shockingly high success rates.
• Insider Threats also play a role. Employees, either disgruntled or incentivized, may leak or sell
sensitive databases directly to cybercriminals.
The Business of Stolen Data
Once harvested, the data is cleaned, categorized, and auctioned like inventory in a wholesale warehouse.
A full identity—known as “fullz”—can fetch between $10 and $100 depending on its quality. A hacked
bank account with a clean transaction history? That can go for hundreds.
Here's how the monetization lifecycle works:
1. Bundling and Valuation: Cybercriminals compile stolen data into categories like login
credentials, medical records, tax IDs, or passport scans. Each bundle is priced based on its utility
and rarity.
2. Dark Web Marketplaces: Platforms like Genesis, BlackForums, and Hydra function like eBay—
complete with user reviews, refund policies, and customer service. Sellers build reputations over
time, and the most reliable vendors command premium prices.
3. Crypto-Powered Transactions: Payments are made via cryptocurrencies such as Bitcoin and
Monero to maintain anonymity. Smart contracts and escrow services often protect both parties.
4. Exploitation and Resale: Buyers may directly use the data to commit fraud—applying for loans,
stealing medical benefits, or launching phishing campaigns—or they may resell the information
to other actors.
A Case in Point: The AT&T Breach
In March 2024, a massive breach involving AT&T made headlines after data from over 70 million current
and former customers was discovered on a dark web forum. Unlike ransomware attacks where data is
held hostage, this breach was purely transactional. The attackers didn’t demand a ransom; they directly
monetized the data, selling it to the highest bidder. Among the exposed data were Social Security