
2easy Now a Significant Dark Web Marketplace for Stolen Data

A dark web marketplace named ‘2easy’ is becoming a significant player in the sale of stolen data “Logs” harvested from roughly 600,000 devices infected with information-stealing malware.

“Logs” are archives of data stolen from compromised web browsers or systems using malware, and their most important aspect is that they commonly include account credentials, cookies, and saved credit cards.

2easy launched in 2018 and has experienced rapid growth since last year when it only sold data from 28,000 infected devices and was considered a minor player.

Based on an analysis by researchers at Israeli dark web intelligence firm KELA, the sudden growth is attributed to the market’s platform development and the consistent quality of the offerings that have resulted in favorable reviews in the cybercrime community.

Cheap and valid logs

The market is fully automated, which means someone can create an account, add money to their wallets, and make purchases without interacting with the sellers directly.

The logs are made available for purchase for as low as $5 per item, roughly five times less than the average Genesis prices and three times less than the average cost of bot logs on the Russian Market.

Moreover, based on actor feedback analysis from multiple dark web forums, 2easy logs consistently offer valid credentials that provide network access to many organizations.

[Figure: The 2easy homepage as seen in December 2021. Source: KELA]

Besides the cost and validity, 2easy’s GUI is user-friendly and powerful at the same time, enabling actors to perform the following functions on the site:

  • view all URLs to which the infected machines logged in
  • search URLs of interest
  • browse through a list of infected machines from which credentials to said website were stolen
  • check the seller’s rating
  • review tags assigned by sellers, which most times include the date the machine was infected and sometimes additional notes from the seller
  • acquire credentials to selected targets

The only downside compared to other platforms is that 2easy doesn’t give prospective buyers a preview of an item before purchase, such as the redacted IP address or OS version of the device from which the data was stolen.

The RedLine plague

Each item purchased on 2easy comes in an archive file containing the stolen logs from the selected bot.

The content-type depends on the info-stealing malware used for the job and its capabilities, as each strain has a different focus set.

However, in 50% of the cases, the sellers use RedLine as their malware of choice, which can steal passwords, cookies, credit cards stored in web browsers, FTP credentials, and more, as shown below.

[Figure: Purchased RedLine log archive contents. Source: KELA]

Five out of the 18 sellers active on 2easy use RedLine exclusively, while another four use it in conjunction with other malware strains such as Raccoon Stealer, Vidar, and AZORult.

[Figure: A 2easy seller praising the simplicity of RedLine. Source: KELA]

Why this is important

Logs containing credentials are essentially keys to doors, whether those doors lead to your online accounts, financial information, or even entry to corporate networks.

Threat actors sell this information for as little as $5 per piece, but the damage incurred to compromised entities could be counted in the millions.

“Such an example can be observed through the attack of Electronic Arts that was disclosed in June 2021,” explains KELA’s report.

“The attack reportedly began with hackers who purchased stolen cookies sold online for just $10 and continued with hackers using those credentials to gain access to a Slack channel used by EA.”

“Once in the Slack channel, those hackers successfully tricked one of EA’s employees to provide a multi-factor authentication token, which enabled them to steal multiple source codes for EA games.”

[Figure: Pulse Secure VPN credentials available through 2easy. Source: KELA]

The initial access broker market is on the rise and is directly linked to catastrophic ransomware infections, while log marketplaces like 2easy are a part of the same ecosystem.

Millions of account credentials are offered for purchase on the dark web, so appropriate security measures that treat accounts as potentially compromised are needed.

Examples of those measures include multi-factor authentication steps, frequent password rotation, and applying the principle of least privilege for all users.
