Stolen data is one of the fastest selling commodities on the dark web.
With the array of affordable hacking and exploitation tools at the disposal of petty fraudsters and sophisticated hackers alike, it has become all too easy to enjoy handsome profits from selling breached data on the dark web.
But just how valuable is this stolen information to everyone else on the dark web? Most importantly, what is the yardstick used to determine the value of stolen data?
Information is King
Various reports including McAfee Labs’ “Hidden Data Economy” provide insight into the dynamics of business on the dark web.
Drawing from years of reconnaissance in partnership with law enforcement, the security group succinctly captures the average value of various types of stolen information, using data from a number of “respectable” marketplaces such as AlphaBay.
Based on this publication, financial credentials such as bank details and credit card information rank high on the list of bestselling items on these darknet markets.
However, the offers don’t stop there.
Criminals on dark web platforms sell anything from stolen PayPal credentials to Netflix subscriptions, all for as little as $0.50.
One of the key influencers of price is the amount of information available in every cache of stolen data.
For instance, bank credentials that come with social security numbers, dates of birth, billing addresses, maiden names and email addresses typically cost more than those without.
However, bank balance plays a major role in deciding just how valuable the stolen data is, with a $2,000 account balance going for about a tenth of its value (around $200).
Bank accounts with stealth fund transfer features hold more value on the dark web for obvious reasons.
An account that can transfer money in stealth mode to other banks in the United States, for instance, goes for about $500 if the available balance is roughly $6,000.
Banks that can transfer funds stealthily to United Kingdom banks are marginally more expensive, with a $16,000 account balance going for around $900.
Credit/Payment Card Information
Stolen payment card credentials are mostly software-generated.
The most common listings combine credit card CVV2 numbers with details such as the expiration date and the account number linked to the credit card.
This information can go for anything between $5 and $8, but the addition of the bank identification number hikes that figure to $15.
The holy grail of stolen credit card information, known as “Fullz info,” includes the billing address, PIN number, date of birth, social security number and even the maiden names of users and their online bank account credentials.
This goes for a flat rate of $30 for U.S. cards, $20 to $35 for U.K. cards, $20 to $40 for Canadian cards, $21 to $40 for Australian cards and $25 to $45 for European cards.
Online Payment Service Accounts
When it comes to online payment services like PayPal, the value of the stolen data is chiefly determined by the available account balance.
The rates start from as little as $50 for an account, with a balance of about $1,000 to $300 for an $8,000 account balance.
These sorts of listings are very common on dark web marketplaces such as AlphaBay. Good sellers are usually ranked according to the quality of their services and their transparency.
On the other hand, dishonest vendors—such as those who advertise false accounts—are often publicly shamed in forums and end up losing their credibility.
In some cases, the website administrators ban them altogether.
Loyalty Programs, Online Auction Accounts and Subscriptions
Even seemingly trivial luxuries such as reward programs and viewing subscriptions can be purchased on dark web markets.
While stolen hotel loyalty programs and auctions account credentials can cost as much as $1,400, subscriptions to services such as Netflix are sold for less than $1.
Healthcare records from major data heists are a gold mine for vendors of stolen data. This category of data has a very high rate of demand on dark web markets.
But its prices, while still high compared to other stolen offerings, are dropping due to the sheer quantity of medical records for sale on darknet markets.
On average, individual medical records retailed between $70 and $100 last year.
Now, they’re sold at prices ranging from $20 to $50, or sometimes more depending on what kind of value the information could have to the buyer.
Here, the value is mostly dictated by where the stolen data is sourced.
Latest posts by Richard (see all)
- Bupa Employee Found Selling Medical Records on the Dark Web - July 24, 2017
- Hansa Market Shut Down by Dutch Authorities - July 21, 2017
- Fake Tor Browser Used to Target Dark Web Users - July 21, 2017