It’s no news that the dark
web is rife with offers of stolen data that ranges from pilfered credit card
information and hijacked payment services accounts to hacked social media
accounts. Anyone interested can also hire a ne’er-do-well to launch a
distributed denial of service (DDoS) attack, buy malware, or purchase forged
documents and commit identity theft.
But have you ever wondered
how much your personal information goes for on the dark web? Researchers at
Privacy Affairs have sifted through the listings in the internet’s seedy
underbelly and created an overview of the average price tags attached to your
stolen personal data.
Called Dark Web Price Index 2020, the price breakdown of various kinds of stolen
personal information shows that, for example, a cloned American Express card
with PIN tops the payment card menu at US$35 a pop, while credit card details
generally sell for as little as US$12-20. Meanwhile, stolen online banking
credentials to accounts with a minimum balance of US$2,000 can go for US$65 on
average.
As for payment processing
services, PayPal accounts are by far the most commonly listed items. However,
pilfered accounts go for lower prices than actual transfers from compromised
accounts. Interestingly, a transfer within the US$1,000-3,000 range goes for an
average price of some US$320 while transfers of over US$3,000 go for
approximately half the price – US$156.
Offers to hack social media
accounts aren’t, in fact, a commonly listed item, according to the report,
which attributed this to bolstered security measures by social media platforms,
as well as to low demand. Indeed, it’s safe to say that the price of your
information on the underground marketplaces is governed by the age-old dictates
of supply and demand. Once they are on offer, the prices are in the tens of
dollars.
Meanwhile, Gmail accounts
command a relatively high price at an average of US$156. This may be because a
lot of people use single sign-on options, which would mean a compromised email
account could open up a treasure trove of data and access to various other
services.
Miscreants are also
offering their services for hire. Potential buyers can shop around for DDoS attacks with prices
depending on the size and duration of the onslaught, starting at a US$10 and
topping out at over US$800. Hackers also offer various forms of malware for
sale with prices starting from US$70 and going all the way up to US$6,000
depending on various factors.
While the bulk of the stolen sensitive
information comes
from large-scale data breaches that have hit countless businesses over the
years, there are multiple simple steps you can take to protect yourself. For
example, look out for phishing attacks that prey on your login credentials or credit
card details. Instead of using easy-to-remember passwords, opt for a strong and unique
passphrase for
each account. Importantly, use two-factor authentication whenever it is available. Also, never use an unsecured Wi-Fi network to access accounts that are home to your
sensitive data. Use data breach notification services to learn if your details have been stolen in
a known data breach. Finally, never underestimate the value of a multilayered
security solution and make sure it’s up-to-date.