A recent advisory published by the Resecurity cybersecurity vendor exposes a trend now developing on the dark web โ more and more stolen biometrics-based data is ending up in this corner of the internet.
These revelations, describing the increase in activity of this type as โsignificant,โ highlight the case of Singapore, including its SingPass scheme.
At the same time, they confirm that the fears of the digital ID and age verification push sooner or later turning into a privacy nightmare.
In Singapore, every citizen and resident has a SingPass (Singapore Personal Access) digital ID account, which is touted by the authorities in the city-state as their โtrusted digital identityโ โ not to mention a โconvenientโ one.
Blackhat hackers, however, beg to disagree, and itโs hard to imagine that digital ID holders affected by identity theft think of the scheme as in any way โconvenient.โ
Security researchers say that overall, year-on-year, as many as 230 percent more โvendorsโ are now selling stolen personal information that often contains facial recognition data, fingerprints, and other biometrics belonging to Singaporeans.
A majority of this data has been up for sale on the XSS dark web forum, according to the same source.
In 2024 thus far, this type of activity peaked in April, following a rise in data breaches where cybercriminals targeted a number of online databases that store this information.
Stolen citizensโ identities are then used for a variety of criminal activities, including fraud, scams, and the creation of deepfakes. But once this kind of floodgate opens, exposing particularly sensitive data, spies and various governments are never far behind the common criminals in exploiting the breaches.
Other than supposedly being โeasy and secure,โ SingPass gives access to more than 1,700 government and private sector services in Singapore, both online, and in person.
But Resecurity said that more than 2,377 of these accounts were compromised last month alone, with the firm saying the holders of those have been notified of this discovery.
However, the firmโs advisory noted that in many cases online platforms that suffer data breaches do not disclose these incidents, which means that citizens and residents in Singapore whose identities have been stolen are not even aware of this.