Kaspersky security researchers report that an invitation-based private marketplace for stolen digital information offers more than 60,000 stolen bot profiles. Called Genesis Store, this is one of the largest online stores for such data, and the profiles sold there include browser fingerprints, website user logins and passwords, cookies, and credit card information. Based on the value of the stolen information, prices per profile range from $5 to $200.
What's in a Stolen Profile
Each profile contains a comprehensive snapshot of a victim's digital identity that can be used to impersonate them convincingly online. Information includes:
- IP address (external and local)
- Screen information (screen resolution, window size)
- Firmware version and operating system version
- Browser plugins installed
- Timezone and Device ID
- Saved website logins and passwords
- Authentication cookies (which can bypass login entirely)
- Credit card information
How the Fraud Works
Genesis Store gives its customers tools to "wear" a stolen digital identity — loading the victim's browser fingerprint, cookies, and credentials into a purpose-built browser, allowing fraudsters to access accounts as if they were the legitimate user. Because the login appears to come from the victim's usual browser environment, anti-fraud systems at banks and online retailers often don't flag the activity as suspicious.
The Tenebris Linken Sphere browser was marketed alongside Genesis Store as a tool specifically designed for bypassing anti-fraud systems using stolen fingerprints.
Protecting Yourself
This type of attack highlights why strong authentication matters beyond just passwords. Multi-factor authentication (MFA) — particularly hardware keys or authenticator apps — can prevent account takeovers even when a full browser profile has been stolen, because the session cookie alone is insufficient for access when MFA is properly configured.
For businesses, endpoint detection and response (EDR) tools can identify the information-stealing malware that harvests these profiles before it exfiltrates data. Landshark IT provides endpoint security and cybersecurity services for Tampa Bay businesses.