Do you know about the dark web, how much your hacked personal data costs on the black market, how cybercriminals use stolen data, and what you can do to protect yourself?
According to recent security statistics, the number of personal data breaches and hacks has increased dramatically. COVID-19 has ramped up remote workforces that operate off cloud-based platforms, paving the way for cyberattacks. And the rollout of 5G, which has led to the adoption of more connected devices, has also increased the attack surface for hackers looking to exploit sensitive personal data.
Worse, research shows that most companies either don't protect their sensitive data or rely on traditional security approaches that are largely ineffective, leaving them vulnerable to cyberattacks.
This means that hackers can easily steal your personal data and use it to carry out more dangerous attacks, or they can sell it on the dark web for thousands of dollars.
What is the Dark Web?
The dark web is a marketplace where vendors anonymously operate the illegal trade of goods through unofficial or unauthorized channels.
Search engines do not index the dark web. Users access it with special browsers such as Tor, which bounce their traffic through many different relays, making it almost impossible to track the connection.
Terrorism statistics on the dark web reveal over 50,000 extremist groups on this part of the internet, and they can sell and buy almost anything.
Stolen personal information is frequently traded on the black market online. The price of personal data depends on a combination of factors: the type of data being sold, the risk involved in obtaining it, how recently it was obtained, the benefit buyers gain from using it, its quality and accuracy, and its demand and supply.
That means the black market is thriving. Dark web reports state that cybercriminals added over 22 billion new records for sale in 2020 alone on the black market.
Vendors on the Dark Web are even parodying traditional established markets with offers like “purchase two cloned credit cards and get one free!!”
As a further illustration of how the market is thriving, consider a fake I.D. vendor profile with over 600 buyer ratings that makes sales every day.
The most common way to pay on the dark web is with Bitcoin (BTC). But recently, shady web vendors have been asking buyers to make payments using Monero and to communicate only via PGP (Pretty Good Privacy) encryption. Monero and PGP offer more security and aid their efforts to avoid being detected and tracked by law enforcement.
How Hackers Monetize Stolen Personal Data
Verizon’s annual data breach report states that 86% of personal data breaches are about money, and 55% are committed by organized criminal groups. And with the amount of money they can make, they are not going anywhere anytime soon.
After stealing your personal information, hackers organize it in a database that they monetize in various ways.
They can use the data themselves.
Hackers could profit from your stolen personal information by exploiting it to make transactions or perpetrate fraud, such as:
- Withdrawing money from your bank account
- Obtaining new credit cards
- Making online purchases
- Borrowing money from the bank or your friends and family
- Making fraudulent health insurance claims
- Paying off their debts
Hackers may sell your personal information to other criminals
Another way hackers profit from stolen personal data is by selling it in bulk to other criminals on the black market for thousands of dollars. Buyers can purchase the stolen data they are interested in and use it for their own malicious activities.
For instance, personally identifiable information such as names of breach victims, their Social Security numbers, home addresses, and dates of birth can be used to make fraudulent transactions.
Buyers can also clone credit card numbers and security codes and use them for identity theft. The buyer can, for example, apply for loans in the victim’s name or file false tax reports. And they can use stolen emails in phishing attacks, social engineering tactics, and DDoS (distributed denial of service) attacks.
How Much Do My Hacked Accounts Cost?
According to the Dark Web Price Index 2021 by Privacy Affairs, cybercriminals can make quite a profit from hacked personal data.
Everything from credit cards to Netflix accounts is up for sale on the dark web.
Financial Accounts
Stolen credit card details with an account balance of up to $1,000 cost $150. Credit card details with an account balance of up to $5,000 cost $240.
A bank account with a minimum of $2,000 will only cost a cybercriminal $120 to obtain the login details. And stolen PayPal account details with a minimum of $1,000 also cost $120.
A transfer from a stolen PayPal account with a balance of $1,000 – $3,000 costs a cybercriminal $340, while a transfer from a stolen PayPal account with a balance of $3,000 costs only $180. And the login information for 50 hacked PayPal accounts costs $200.
A Western Union transfer from stolen accounts above $1,000 costs a mere $45. A verified Stripe account with a payment gateway goes for $1,000.
Crypto accounts are among the most valuable accounts on the dark web. A hacked and verified Kraken account goes for $810, a hacked and verified Coinbase account goes for $610, while a hacked and verified Cex.io account costs $410.
Social Media Accounts
Social media and email accounts vary between $35 and $80.
A hacked Twitter account costs $35, while you can pay up to $80 for a hacked Gmail account.
The price of a thousand followers, likes, or shares for your social media accounts varies between $1 and $25. For instance, hackers ask for as little as $5 for 1,000 followers for your Instagram account, and the same following costs $2 for Spotify.
An email database with up to 4.78 million emails can go for as low as $10. A private USA dentists database with 122k emails goes for $50. And the USA Voter database from various states costs $100.
Scans of Documents and Physical Copies
Passports are also among the most expensive items listed on the black market index. The highest-priced physical passports (Maltese) can fetch a whopping $6,500, while the lowest-priced (Lithuanian) go for $1,500. For a physical forged national I.D., hackers ask as low as $50 (New Jersey ID), but in some cases, up to $500 (Latvian ID).
Prices for forged copies of driver’s licenses of different states vary between $20 and $100. A U.S. driver’s license goes for $100, while an Australian driver’s license only fetches $20.
Hackers ask for $8 for a hacked Uber account and $14 for a hacked Uber driver’s account.
A valid U.S. Social Security number goes for $2.
An eBay account with a high reputation (1,000+ feedback) might reach $1,000, while a fake U.S. Green Card sells for $150.
What You Can Do to Protect Yourself
To prevent your personal information from ending up on the black market, follow these basic guidelines.
Use a Strong Password
Use a password manager to help generate strong and unique passwords for each one of your social media accounts.
Generic passwords such as your birth date or the name of your first pet are easy to crack.
Make sure your passwords are long (at least 16 characters) and varied, with letters, numbers, and symbols.
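The guidance above, as an added example that is not part of the original article: a Python sketch that generates a password meeting these rules and flags one that does not. The function names and the sample personal facts are assumptions made for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 16  # the article's minimum length
CLASSES = {
    "letter": string.ascii_letters,
    "number": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())


def generate_password(length=MIN_LENGTH):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def check_password(password, personal_facts=()):
    """Return a list of problems; an empty list means the guidance is met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Normalise so "Rex" matches "rex" and "14/03/1990" matches "14031990".
    squashed = "".join(c for c in password.lower() if c.isalnum())
    for fact in personal_facts:
        token = "".join(c for c in fact.lower() if c.isalnum())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal detail {fact!r}")
    return problems


def entropy_bits(length=MIN_LENGTH):
    """Upper bound in bits; requiring every class costs well under one bit."""
    return length * math.log2(len(ALPHABET))
```

A 16-character password drawn this way carries roughly 105 bits of entropy, which is why a password manager's random output resists guessing where a pet name plus a birth date does not.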
Enable multi-factor authentication
Enabling multi-factor authentication on your accounts means that even if hackers obtain your login details, they won’t be able to access your account with the password alone.
This is because multi-factor authentication requires a password plus something only you have access to — like a backup code, tapping a number on your screen, or a text message sent to your phone.
Be wary of public WiFi.
Avoid accessing sensitive accounts while you are on public WiFi. According to a study conducted by Kaspersky Security, nearly a quarter of the world’s public WiFi hotspots don’t use any encryption.
This is why hackers often target users on public WiFi to steal their login details. If cybercriminals can access the login information of one of your online accounts, they can use brute force to crack the passwords of your other accounts and steal money or sensitive personal information.
Always use a VPN and a robust antivirus with a firewall while browsing on public WiFi so that your data is encrypted in transit.
Be careful while browsing online.
Change the default privacy settings on your devices, and always clear or disable your browser cookies. You should also limit the information you share on social media. For instance, don’t use your full name on your social media accounts. And always read the terms and conditions before using an application or service.