Data breach research walks a fine line between what's legal and what's ethical. How did agencies get the data? Was it handed over voluntarily or acquired through a ransomware attack? And what about those who buy the breached data? Are they legitimate security researchers studying it to improve cybersecurity measures, or do they intend to use it for malicious activities?

Data Breach Research and WeLeakInfo

A breached data search service called WeLeakInfo was active for several years until it was shut down in January 2020. During this period, around 141 companies within the information security sector paid WeLeakInfo for breached data. Its clients were both individuals and information security companies. Though the company claimed its operation was fully legal, why was the site advertised on Hack Forums?

How Does a Data Breach Service Work?

Like predecessors such as LeakedSource, WeLeakInfo offered inexpensive subscriptions that allowed subscribers to view 12 billion data records sourced from 10,000 breaches. Although most of the data was already public, some wasn't. This led people to question whether the operators had conducted a phishing attack of their own to acquire it.

Is Buying Breached Data a Cybersecurity Threat?

When law enforcement officials took down the site, they also arrested two men in Northern Ireland and the Netherlands who were behind the operation. 21 others who bought data from the site were arrested in the UK. In addition, 69 others have been issued cease-and-desist orders barring them from using this data. To law enforcement, buying breached data is most definitely a cybersecurity risk.

The Ethics and Legality of Selling Breached Data

WeLeakInfo and other data breach services are clearly problematic on legal and ethical grounds. Considering that both individuals and companies from around the globe, including IBM and Deloitte, were customers, there is a massive demand for breached data.

The problem arises because WeLeakInfo's customers are clearly divided into two very different groups: legitimate security researchers and those using the data for malicious operations. With data breach services not vetting buyers, protocols must be established to ensure that ethical hacking research can be done without putting people's private data in jeopardy.
