Do you know about the dark web, how much your hacked personal data costs on the black market, how cybercriminals use stolen data, and what you can do to protect yourself?
According to recent security statistics, the number of personal data breaches and hacks has increased dramatically. COVID-19 has ramped up remote workforces that operate off cloud-based platforms paving the way for cyber attacks. And the rollout of 5G, which has led to the adoption of more connected devices, has also increased the attack surface for hackers looking to exploit sensitive personal data.
What’s worse is research shows most companies don’t protect their sensitive data or have traditional security approaches that are largely ineffective, making them vulnerable to cyber-attacks.
This means that hackers can easily steal your personal data and use it to carry out more dangerous attacks, or they can sell it on the dark web for thousands of dollars.
What is the Dark Web?
The dark web is a marketplace where vendors anonymously operate the illegal trade of goods through unofficial or unauthorized channels.
Search engines do not index the dark web. Users access it using unique browsers such as Tor, making them bounce through many different relays, making it almost impossible to track their connection.
Terrorism statistics on the dark web reveal over 50,000 extremist groups on this part of the internet, and they can sell and buy almost anything.
Stolen personal information is frequently traded on the black market online. And the prices of personal data depend on a combination of factors like the type of data being sold, risks of attaining the data, how recently it was obtained, the increasing benefits of buyers using the information, the increased quality and accuracy of the information, and its demand and supply.
That means the black market is thriving. Darkweb reports state that cybercriminals added over 22 billion new records for sale in 2020 alone on the black market.
Vendors on the Dark Web are even parodying traditional established markets with offers like “purchase two cloned credit cards and get one free!!”
For further illustration on how the market is thriving, here’s a snapshot of a fake I.D. vendor profile with over 600 buyer ratings who make sales every day:
The most common way to pay on the dark web is with Bitcoins (BTC). But recently, shady web vendors have been asking buyers to make payments using Monero and communicate only via PGP (Pretty Good Privacy) encryption. Monero and PGP offer more security and aids in their efforts to avoid getting detected and tracked by law enforcement.
How Hackers Monetize Stolen Personal Data
Verizon’s annual data breach report states that 86% of personal data breaches are about money, and 55% are committed by organized criminal groups. And with the amount of money they can make, they are not going anywhere anytime soon.
After stealing your personal information, hackers organize it in a database that they monetize in various ways.
They can use the data themselves.
Hackers could profit from your stolen personal information by exploiting it to make transactions or perpetrate fraud, such as:
- Withdrawing money from your bank account
- Obtaining new credit cards
- Making online purchases
- Borrowing money from the bank or your friends and family
- Making fraudulent health insurance claims
- Paying off their debts
Hackers may sell your personal information to other criminals
Another way hackers profit from stolen personal data is by selling it in masses to other criminals on the black market for thousands of dollars. Buyers can purchase the stolen data they are interested in and use it for their malicious activities.
For instance, personally identifiable information such as names of breach victims, their Social Security numbers, home addresses, and dates of birth can be used to make fraudulent transactions.
Buyers can also clone credit card numbers and security codes and use them for identity theft. The buyer can, for example, apply for loans in the victim’s name or file false tax reports. And they can use stolen emails in phishing attacks, social engineering tactics, and DDoS (distributed denial of service) attacks.
How Much Do My Hacked Accounts Cost?
According to the Dark Web Price Index 2021 by Privacy Affairs, cybercriminals can make quite a profit from hacked personal data.
Everything from credit cards to Netflix accounts is up for sale on the dark web.
To get stolen credit card details with an account balance up to $1,000 costs $150. Credit card details with an account balance up to $5,000 cost $240.
A bank account with a minimum of $2,000 will only cost a cybercriminal $120 to obtain the login details. And stolen PayPal account details with a minimum of $1,000 also cost $120.
To transfer money from a stolen PayPal account with a balance of $1,000 – $3,000 will cost a cybercriminal $340, while to transfer money from a stolen PayPal account with a balance of $3,000 only costs $180. And to obtain the login information from 50 hacked PayPal accounts costs $200.
Western Union transfer from stolen accounts above $1,000 costs a mere $45. A verified Stripe account with a payment gateway goes for $1,000.
One of the most valuable accounts on the dark web is crypto accounts. A hacked and verified Kraken account goes for $810, a hacked and verified Coinbase account goes for $610, while a hacked and verified Cex.io account costs $410.
Social Media Accounts
Social media and email accounts vary between $35 and $80.
A hacked Twitter account costs $35, while you can pay up to $80 for a hacked Gmail account.
To get a thousand followers, likes, or shares for your social media accounts varies between $1 and $25. For instance, hackers ask for as little as $5 to buy 1000 followers for your Instagram account, and the same following costs $2 for Spotify.
The price of an email database with up to 4.78 million emails can go for as low as $10. Private USA dentists database with 122k emails goes for $50. And the USA Voter database from various states costs $100.
Scans of Documents and Physical Copies
Passports are also one of the most expensive items listed on the black market index. The highest physical (Maltese) passports can fetch a whopping $6,500, while the lowest (Lithuanian) passports go for $1,500. For a physical forged national I.D., hackers ask as low as $50 (Newjersey ID), but in some cases, up to $500 (Latvian ID).
Prices for forged copies of driver’s licenses of different states vary between $20-$100. A U.S. driver’s license goes for $100, while an Australian driver’s license only fetches $20.
Hackers ask for $8 for a hacked Uber account and $14 for a hacked Uber driver’s account.
U.S. valid social security number goes for $2.
An eBay account with a high reputation (1,000+ feedback) might reach $1,000. While a fake U.S. Green Card sells for $150.
What You Can Do to Protect Yourself
To prevent your personal information from ending up on the black market, follow these basic guidelines.
Use a Strong Password
Use a password manager to help generate strong and unique passwords for each one of your social media accounts.
Generic passwords such as your birth date or the name of your first pet are easy to crack.
Make sure your passwords are long (at least 16 digits) varied with letters, numbers, and symbols.
Enable multi-factor authentication
Enabling multi-factor authentication on your accounts means that if hackers can access your login details, they’d not be able to access your account with just the passwords.
This is because multi-factor authentication requires a password plus something only you have access to — like a backup code, tapping a number on your screen, or a text message sent to your phone.
Be wary of public WiFi.
Avoid accessing sensitive accounts while you are on public WiFi. According to a study conducted by Kaspersky Security, nearly a quarter of the world’s public WiFi hotspots don’t use any encryption.
This is why hackers often target users on public WiFi to steal their login details. Suppose cybercriminals can access the login information of one of your online accounts. In that case, they can use brute force to crack the passwords of your other accounts and steal money or sensitive personal information.
Always use a VPN and a robust antivirus with a firewall while browsing on public WiFi so your data can be encrypted while in transit.
Be careful while browsing online.
Change the default privacy settings on your devices. And always clear or disable your browser cookies. You should also limit the information you share on social media. For instance, don’t use your full names on your social media accounts. And always read the terms and conditions before using an application or service.
As discussed earlier, data breaches are about money which means hackers are here to stay.
Cybercriminals will continue to target remote employees. And the growth of 5G will expand the bandwidth of connected devices, making them more vulnerable to cyber-attacks.
These reports show the importance of keeping your valuable data and personal information private and secure.
An individual's personal information can be worth more than $1,000 on the dark web amid a spike in cyber crime and identity fraud, according to a new study by cybersecurity researcher Privacy Affairs.How much is personal information worth on the black market? ›
Most valuable types of personal information
A Social Security number may sell for as little as $1. Credit card, debit card and banking info can go for as much as $110. Usernames and passwords for non-financial institution logins are $1, but it can range from $20 to $200 for login info for online payment platforms.
It costs only $4 to buy a social security number (SSN) on the dark web, according to a new report that compiles the results of a two-year investigation by Atlas VPN, a leading virtual network provider.How much personal data is on the dark web? ›
The Dark Web offers approximately 75,000 terabytes of data.How much is my personal information worth? ›
According to a calculator by Financial Times, even if you're a millionaire in America with high purchase intent, your demographic data might just be worth around $2.How much is my privacy worth? ›
The study, conducted by Technology Policy Institute (TPI), indicates that internet users in the United States value their contact information at a cost of about $3.50 per month. Want to keep tabs on their bank balance or collect their fingerprints? That would cost about $7.50 to $8.50 per person.How much is someone's Social Security number worth? ›
The company found that buyers are currently willing to pay just $1 for a Social Security number, which is the same amount they'll pay for user and password information to Brazzers, a pornographic website.How much is credit card info worth on the dark web? ›
Full credit card details and associated data cost between $10 and $100. A full range of documents and account information that will allow identity theft can be purchased for about $1,000.How much does someone's SSN sell for? ›
|Social Security number (sold as part of 'Fullz' dossier)||$30|
|Date of birth||$11|
|Health insurance credentials||$20|
|Visa or MasterCard credentials||$4|
Unfortunately, Dark Web scanners and monitoring tools can only tell you if your data has been exposed — not if it's been (or is being) used. By monitoring your credit report and other sensitive information, you can quickly discover if your leaked information has been used by criminals.
Some of the most common personal data bought and sold on the dark web includes: Credit card, debit card and bank account information. Personally identifiable information, like your name, date of birth, SSN or driver's license number. Passwords to social media accounts and subscription services.Which data is most valuable on the dark web? ›
One of the most valuable accounts on the dark web is crypto accounts.Can I sell my own information? ›
There are several ways you can sell your data, including selling it to another company directly or joining a data marketplace. You can sell your data itself or sell the insights you gain from it.Who is the owner of your personal information? ›
Owner of personal data means a person whose personal data is subject to that person's identity either directly or indirectly, not only employees, customers, suppliers, business competitors but also stakeholders related to the Company.Can someone sell my personal information? ›
Data Brokers: Legally Gathering and Selling Your Information
And it's completely legal for them to do so. These sites use automated software to harvest your information from tech companies, telecommunication providers, credit bureaus, tax records, court records, DMVs in some states, and other public sources.
Your most valuable data is first about money and then the many things directly related to money. The value chain for data can be generalized into the degrees of separation between money and the data. The closer to the money that the data is, the higher its potential value.How much is my data worth to Facebook? ›
Adjusting for the estimated increase in the number of Americans using the internet, people's personal data will be worth an average of $434 per American user in 2022.Why is personal data so valuable? ›
Used properly, the data helps companies better understand the needs and desires of their customers. It serves as the basis for personalization, improving customer service and creating customer value. They help to understand what works and what doesn't.How do I get the $16728 Social Security bonus? ›
To acquire the full amount, you need to maximize your working life and begin collecting your check until age 70. Another way to maximize your check is by asking for a raise every two or three years. Moving companies throughout your career is another way to prove your worth, and generate more money.What do the first 3 digits of your Social Security mean? ›
Since 1973, social security numbers have been issued by our central office. The first three (3) digits of a person's social security number are determined by the ZIP Code of the mailing address shown on the application for a social security number.
When your Social Security number is available on the dark web, it gives cybercriminals the ability to open credit accounts in your name. In other words, someone other than you can take out personal loans, apply for credit cards, or open other financial accounts under your name.How much is a password on the dark web? ›
Arora said certain passwords on the dark web, particularly those that provide access to financial or medical information, can sell for as much as $1,000 apiece.How much do people sell credit card info for? ›
Unsurprisingly, it comes down to money. A single consumer's stolen credit information card sells for around $5 to $150 dollars depending on the amount of supplementary data included. A name, address and CVV number all add to the value of the card, but not by much.How much money does a black credit card have? ›
You have to be a private banking client of J.P. Morgan in order to qualify, and it's generally believed, though unconfirmed, that you need to have $10 million worth of assets managed by J.P. Morgan. This card is strictly by invitation only.What is the highest SSN payment? ›
In 2023, the average senior on Social Security collects $1,827 a month. But you may be eligible for a lot more money than that. In fact, some seniors this year are looking at a monthly benefit of $4,555, which is the maximum Social Security will pay. Here's how to score a benefit that high.What can I buy with my SSN? ›
In addition to Social Security, the SSN is now also used for a wide range of purposes. These include obtaining credit, opening a bank account, obtaining government benefits or private insurance, and buying a home or a car, among many other pursuits.Can I get money from my SSN? ›
There are two ways you can receive your benefits: Into an existing bank account via Direct Deposit or. Onto a Direct Express® Debit Mastercard®Can you get in trouble for just being on the dark web? ›
While using the dark web may seem suspect on the surface, it is perfectly legal, and there are many legitimate uses of Tor and anonymous browsing.Can I get my info removed from the dark web? ›
Unfortunately, once your info is on the dark web, there's nothing you can do to remove it.What happens if you get tracked on the dark web? ›
Hackers and the Dark Web
There are a myriad of dark web software systems that they may use to anonymously scan your network and look for vulnerabilities. Once they find a hole in your security system, they can exploit the vulnerability and get access to information meant only for authorized users.
Dark web marketplaces are a platform for trading illicit products on a small and large scale. The products that are most commonly listed for sale include drugs, fake documents, fraud-related items, and hacking services and tools.What stolen information sells for the most on the dark web? ›
Credit cards, Paypal accounts, and fullz are the most popular types of stolen information traded on the dark web, but they're far from the only data worth stealing, says Comparitech.What two kinds of personal information can be sold on the dark web by cyber criminals? ›
All types of personal data can be distributed online for a profit. Passwords, physical addresses, bank account numbers, and social security numbers circulate in the dark web all the time.What is more deeper than dark web? ›
Surface Web and Shadow Web
Finally, the last concept you should know about is the shadow web. This is allegedly a layer of internet even deeper than the dark web, the well-known hub for criminal activity. Rumors say that this shadow web is a place where even darker, more serious criminal activity takes place.
Simply put, the deep web is any part of the Net that is not indexed by search engines. This includes websites that gate their content behind paywalls, password-protected websites and even the contents of your email. The dark web, on the other hand, uses encryption software to provide even greater security.What can I benefit from the dark web? ›
The dark web helps people to maintain privacy and freely express their views. Privacy is essential for many innocent people terrorized by stalkers and other criminals. The increasing tendency of potential employers to track posts on social media can also make it difficult to engage in honest discussions publicly.Is personal information sold on the dark web? ›
Some of the most common personal data bought and sold on the dark web includes: Credit card, debit card and bank account information. Personally identifiable information, like your name, date of birth, SSN or driver's license number. Passwords to social media accounts and subscription services.How much do SSN sell for? ›
For people with high credit scores, a Social Security number, birth date, and full name can sell for $60 to $80 on the digital black market. It may not sound like much, but for hackers, a good credit score can fetch a nice premium.How much can stolen data be sold for? ›
Social media and email accounts vary between $35 and $80. A hacked Twitter account costs $35, while you can pay up to $80 for a hacked Gmail account. To get a thousand followers, likes, or shares for your social media accounts varies between $1 and $25.What if my SSN was found on the dark web? ›
If you discover that your SSN is circulating on the Dark Web, immediately lock your Experian credit file from either the mobile or web app to prevent further damage. Identity theft insurance coverage.
Unfortunately, once your info is on the dark web, there's nothing you can do to remove it.Can you sell your identity? ›
Your ID could be sold on the Dark Web
One of the most common types of identity theft is the act of selling stolen personal data on the Dark Web. Criminals with outstanding warrants can also buy stolen driver's licenses to assume a new identity.
Since 1973, social security numbers have been issued by our central office. The first three (3) digits of a person's social security number are determined by the ZIP Code of the mailing address shown on the application for a social security number.What is the most common data stolen? ›
- Stolen Information.
- Password Guessing.
- Recording Keystrokes.
- Malware or Virus.
- Distributed Denial of Service (DDoS)
- Customer records.
- Financial Data such as credit card or debit card information.
- Source codes and algorithms.
- Proprietary process descriptions and operating methodologies.
- Network credentials such as usernames and passwords.
- HR records and employee data.
- Personal data. This includes Social Security numbers, financial information, birth dates, and other sensitive personal data. ...
- Digital infrastructure. ...
- Corporate accounts. ...
- Intellectual property (IP)