Besides using your credentials to gain access to your online accounts, cybercriminals often sell the usernames and passwords obtained through hacks and data breaches on the dark web in what has become an increasingly lucrative business.
According to a new study (opens in new tab) from NordVPN, the VPN company’s researchers analyzed one of the many dark web markets that has sprung up in recent years to find that this marketplace in particular has illegally sold more than 720,000 items and data pieces for $17.3 million.
While the most expensive item available is bank account login data which has an average price of $90, U.S. payment card data can be had for the average price of $6. Passports, personal IDs, driver’s licenses, email addresses, payment card data, mobile phone numbers, online accounts, bank account logins and crypto accounts as well as other personal data are all available for purchase on the dark web marketplace investigated by NordVPN.
However, Adrianus Warmenhoven, cybersecurity expert at NordVPN, explained in a press release that this marketplace is but one of many selling passwords and other data on the dark web, saying:
“This one market is just the tip of an iceberg. There are over 30K websites on the dark web at the moment. Keep in mind that only 4% of the entire internet belongs to the surface web that is available to any user online. The market that was analyzed in our case study was chosen because it was used by some big hacker groups in the past, such as the one involved in AT&T data theft in August of last year.”
Average prices for data sold on the dark web
Of the American bank account data available on the dark web marketplace in question, the most expensive data comes from US Bank and can be bought for $342. However, data from European bank accounts like Dutch ING ($3,800) and British Barclays ($2,900) is worth even more on the dark web.
When it comes to the most expensive merchandise overall, passports took the top spot with an average price of $600 per document. Still though, some passports are worth more than others, with those from the Czech Republic, Slovakia and Lithuania costing an average of $3,800 each while an American passport only costs $20 on average. According to NordVPN, the price depends on a number of factors including how difficult it is to fake a document, how widely it is sold and how commonly it is purchased on the dark web.
Surprisingly, U.S. payment card data costs around $6 and mobile phone numbers can be had for just $4.50 on average. Online accounts also come at a low price with a hacked Netflix account available for $10, an Uber account for $12 and a Twitter account for as little as $2.
Cryptocurrency wallets meanwhile cost more than both payment card data and bank account data with an average price of $395. The most expensive crypto account data comes from Binance, followed by Kraken ($385) and Crypto.com ($350).
At the same time, the price for American merchandise for different states varies drastically. For instance, a Colorado ID card can cost as much as $200 while a Washington ID can be bought for as little as $0.99.
What is the dark web?
Although the dark web sounds like a scary place filled with malware, cybercriminals and others who are up to no good, it’s actually just a part of the internet that you can’t find on a search engine.
While Google and other search engines index all of the websites on the surface web (also known as the clearnet) to make them easier to find, sites on the dark web are only found by word of mouth or links to them. Likewise, the term deep web also refers to sites on the internet that are not indexed and can’t be accessed via a search engine. However, deep web content includes any content that is behind a paywall or requires a user to sign in to access it.
The dark web on the other hand is a subset of the deep web that is intentionally hidden and requires a browser like Tor to access it since many of the sites on the dark web use .onion web addresses.. While no one knows the exact size of the dark web, experts estimate that it is at or around 5 percent of the size of the surface web.
Despite the fact that few users will ever need to go on the dark web, it’s still worth knowing the difference between it and the surface web.
How to prevent your data from being sold on the dark web
To reduce the risk of your data being sold on the dark web, Warmenhoven recommends that users make sites and services earn their trust as cybercriminals get loads of data by targeting the websites you share your data with. Although you can’t personally secure the servers that store your data on the sites you visit, you can vote with your wallet or by simply walking away. If a site falls victim to a data breach due to poor security practices, stop using it and any services it may provide.
Next up, Warmenhoven suggests that users educate themselves on how to protect their data. Fortunately, we have a useful guide on 7 ways to improve your online security for free which you may find useful.
As always, you need to stay vigilant to help protect your data online and as part of this, you should actively monitor your online accounts for login attempts from suspicious devices or purchases you don’t remember making.
Finally, using a password manager is an easy and relatively inexpensive way to ensure that the credentials for your online accounts are stored securely and that you’re not reusing the same passwords for multiple accounts.