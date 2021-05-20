Toby Antony By

KOCHI: The pandemic has shifted most aspects of our daily lives — banking, shopping and paying bills — online. In the digital world, an account password is probably as important as your housekey. Account Take Over (ATO) crimes is a form of identity theft where a fraudster illegally uses bots (a software application that runs automated tasks over the Internet) to access a victim’s e-commerce or other private accounts. If the hacker succeeds, he can make transactions, siphon off funds, steal credit or debit information or loyalty points, and do unauthorised shopping using the victim’s compromised account.

A recent study conducted by Technisanct Technologies Private Limited, a Kochi-based cybersecurity firm, reveals that there is a surge in ATO crimes and OTT accounts are the most targeted merchandise. For the study, the Technisanct team accessed 12,000 OTT accounts, 7,500 e-commerce applications and 4,500 EdTech brands over five months, between January and May 2021.

They found out that many Indian users still log in using passwords they set in 2014, making it very easy for hackers to penetrate it. There has been a 90 per cent hike in the number of ATOs being reported from India in 2021 as compared to the previous year. Most of the crimes occur on leading EdTech, OTT and e-commerce platforms.

“Many people use the same password for multiple accounts for the ease of memorising. Many digital platforms also don’t mandate two-factor authentication or ask users to regularly change their passwords, fearing that it could create a dent in consumer experience. But this actually makes users more vulnerable to ATO, credential stuffing and credential cracking,” says Technisanct Technologies Founder & CEO Nandakishore Harikumar.

Credential stuffing is an automated web injection attack where hackers use credential information sourced from data breaches to gain access to the victim’s accounts. In credential cracking, hackers use dictionary lists or common usernames and passwords to guess their way into an account.

According to Nandakishore, the study also found out there is a huge demand for OTT user names and passwords since lockdown started. The credentials of many Indian accounts are being regularly kept for sale on Telegram and other data-sharing platforms on the dark web.

The dark web refers to encrypted online content that is not indexed by conventional search engines. Sometimes, the dark web is also called the dark net. It is a part of the deep web, which just refers to websites that do not appear on search engines. Specific browsers, such as Tor Browser, are required to reach the dark web. Using the dark web often provides more privacy, which also makes it a haven for fraudsters, hackers, and traffickers.