Shining A Light On The Dark Web: How Much Is Your Personal Information Selling For?

The dark web is a busy illegal market. To best protect yourself you need to know what items are in high demand, how much they go for, and how to best protect your information so that you don’t fall victim to this type of crime.

Dark Web

The Internet is a scary place – a black market web of illicit and illegal acts. The old saying that the best offense is a good defense applies to the Internet as well – to protect yourself you must know what is out there.

How often is it that portions of our identities are bought and sold on the web? What is secure and what isn’t? How much are people paying for personal information on the dark web? These are the questions you should be asking yourself.

What information is sold on the dark web Price
Social Security $1
General Non-financial institution logins $1
Subscription services $1-$10
Credit Debit card numbers without the CVV $5-$110
Credit Debit card numbers with CVV $10-$115
Loyalty accounts $20
Driver’s License $20
Online Payment Services $20-$200
Fullz info $30
Diplomas $100-$400
Passport $1000-$2000
Medical Records $1-$1000

When it comes to protecting your personal information, often the first thing you think about is your Social Security number. Many believe it’s the only thing that gets routinely sold on the dark web. Surprisingly, the data shows that this is not in the least bit true.

Social Security numbers are only valued at $1. For less than the cost of a candy bar, you can buy a Social Security number, general non-financial institution logins, or subscription service logins such as Netflix or Hulu. Forbes magazine reported that in December of 2017 a file with 1.4 billion hacked and leaked passwords was found on the dark web. A bulk of these passwords and logins were for subscription accounts on Netflix, Last.FM, LinkedIn, MySpace, dating site Zoosk, adult website YouPorn, as well as for favorite games like Minecraft and Runescape.

Beyond subscriptions to streaming services, hackers gain make real money off of your personal information. For example, with just $5 you can afford to buy credits card numbers. If you want credit card numbers with the CVV number, it will cost you only an additionally $5. One of the more surprising items is that the dark web wants are loyalty accounts. For the cost of a typical gym membership, you can have a person’s loyalty account number or their Driver’s License number.

For about the cost of a dozen roses ($30), you can find all kinds of Online Payment services or “Fullz” info. Fullz information is an information bundle that includes a name, SSN, birthday, account number, and other data. This cost has gone down since 2015; in just two years’ time, Fullz information has dropped from $15-$65 to just $10-$30.

On the more expensive end of the dark web, you can find items from diplomas and passports, to even medical records. These can run you $100-$400 and $1000-$2000 respectively. These items being on the black market have their own repercussions. It begs the question of why medical records were worth so much more, in comparison to spending $1 for a Social Security number.

Jean-Frederic Karcher, the head of security at communications provider Maintel explains that “The main reason medical institutions and the NHS are targeted is that they have vast amounts of patient data at their disposal. Hackers can sell large batches of this personal data for profit on the black market”.

What causes the difference in cost for personal information on the dark web?

There are four main factors that impact the price of personal information. The first two elements are a fundamental economics equation where cost is dependent on the supply and demand. Another factor is the balance of the account – if the credit card has significant available credit, it will cost more. Same with loyalty cards that have a high stability of points. Lastly, the cost of personal data can be dependent on the ability to reuse the data. For example, a person would pay more for a credit card that they can use multiple times, as compared to a gift card they could use only once.

How are they getting this information and what can you do to protect yourself?

“According to the ITRC, data breaches in the United States during 2016 hit an all-time high of 1,093, which represents a 40% increase over the previous year.” Weak passwords and unmonitored accounts are the leading causes of identity theft.

Weak passwords

Often cybercriminals can gain access to this information from simple things such as poor password choices or weak antivirus software. Overlooking small vulnerabilities such as these gives opportunities for your information to be sold on the dark web.

Unmonitored financial accounts

To best protect yourself, you should monitor your accounts and statements for anything that looks suspicious. Hackers usually target people that they know they could get a good lead on. For example, an elderly lady, that can’t see that well, won’t be tracking her account like a younger person would be on a smaller budget.

Unmonitored credit reports

Thirdly, remember to check your credit report often. If you are subscribed to a credit report service, remember to keep copies of your report anytime they are requested. For example, if you buy a vehicle, or open a credit card, you should have a copy of the report sent to you as well. That way you can look for any discrepancies on your report and identify them right away.

Not reporting suspicious activity

Hackers also know that often their crimes won’t be reported. If you note something suspicious and don’t report it, you are giving them another leg up on you. The more time that goes by, the less likely it is that you will be able to recover. The Federal Trade Commission (FTC) tracks identity theft statistics, helps victims, and coordinates responses by various governmental agencies. The average company offers employees an average of 10 days of leave per year, which equals out to 80 paid hours of leave. The FTC reports that recovering from identity theft takes an average of six months and 200 hours of work. That would be over two years’ worth of leave accrual.

Knowing what is on the dark web is only half the battle – you should also know what is valuable on the dark web and what isn’t. You should know how these items are getting into the wrong hands so that you can best protect yourself and your information. Remember to use strong passwords and monitor your accounts and credit cards for any discrepancies. If you notice anything out of the ordinary you should report it right away. Don’t let your information end up on the dark web. Get a few steps ahead of these hackers today.