Worth of your personal data on the dark web

Amer Owaida, Security Writer at ESET discusses that the going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks

It’s no news that the dark web is rife with offers of stolen data that ranges from pilfered credit card information and hijacked payment services accounts to hacked social media accounts. Anyone interested can also hire a ne’er-do-well to launch a distributed denial of service (DDoS) attack, buy malware, or purchase forged documents and commit identity theft.

But have you ever wondered how much your personal information goes for on the dark web? Researchers at Privacy Affairs have sifted through the listings in the internet’s seedy underbelly and created an overview of the average price tags attached to your stolen personal data.

Called Dark Web Price Index 2020, the price breakdown of various kinds of stolen personal information shows that, for example, a cloned American Express card with PIN tops the payment card menu at US$35 a pop, while credit card details generally sell for as little as US$12-20. Meanwhile, stolen online banking credentials to accounts with a minimum balance of US$2,000 can go for US$65 on average.

As for payment processing services, PayPal accounts are by far the most commonly listed items. However, pilfered accounts go for lower prices than actual transfers from compromised accounts. Interestingly, a transfer within the US$1,000-3,000 range goes for an average price of some US$320 while transfers of over US$3,000 go for approximately half the price – US$156.

Offers to hack social media accounts aren’t, in fact, a commonly listed item, according to the report, which attributed this to bolstered security measures by social media platforms, as well as to low demand. Indeed, it’s safe to say that the price of your information on the underground marketplaces is governed by the age-old dictates of supply and demand. Once they are on offer, the prices are in the tens of dollars.

Meanwhile, Gmail accounts command a relatively high price at an average of US$156. This may be because a lot of people use single sign-on options, which would mean a compromised email account could open up a treasure trove of data and access to various other services.

Miscreants are also offering their services for hire. Potential buyers can shop around for DDoS attacks with prices depending on the size and duration of the onslaught, starting at a US$10 and topping out at over US$800. Hackers also offer various forms of malware for sale with prices starting from US$70 and going all the way up to US$6,000 depending on various factors.

While the bulk of the stolen sensitive information comes from large-scale data breaches that have hit countless businesses over the years, there are multiple simple steps you can take to protect yourself. For example, look out for phishing attacks that prey on your login credentials or credit card details.

Instead of using easy-to-remember passwords, opt for a strong and unique passphrase for each account. Importantly, use two-factor authentication whenever it is available. Also, never use an unsecured Wi-Fi network to access accounts that are home to your sensitive data. Use data breach notification services to learn if your details have been stolen in a known data breach. Finally, never underestimate the value of a multilayered security solution and make sure it’s up-to-date.