(no title)

But there are in fact big infosec businesses trading them. They just brand it as “data leak monitoring” or “darknet intelligence” or whatever. Equifax does this, NortonLifeLock does this as do many others. There are also products aimed specifically for pentesters.

> As someone else mentioned, an 'access device' actually refers to many things, including emails

>”Access device" is defined at 18 U.S.C. § 1029(e)(1). Instead of using the term "credit card," or "debit/credit instrument," the term "access device" is used in the statute and is defined broadly as any "card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds...." The only limitation, i.e., "other than a transfer originated solely by paper instrument," excludes activities such as passing forged checks.