The internet has become an integral part of our daily lives, as we use it for work-related and entertainment purposes, to access healthcare and financial services, or to stay connected with others on social media. The downside of this level of connectivity is that much of our personal, financial and medical information is now stored online, and is vulnerable to attacks by cybercriminals, be it via a direct attack on our personal systems or via a data breach of a service we use. In 2020 alone, over 36 billion personal records were compromised due to data breaches. The reason that data breaches happen so frequently is that personal information has become a marketable commodity on the Dark Web, where troves of compromised data can be bought and sold, and can lead to high financial gains for hackers. According to researchers, personal and financial information are the second-most desired product on the Dark Web, right after contraband and pharmaceutical drugs. 

The type of data offered on the Dark Web can be summarised in four broad categories: Personal Information, Payment Cards information, Financial accounts and credentials, and Non-financial accounts and credentials. The personal data found on the Dark Web usually consists of any type of information that can be used to identify an individual, such as full name, date of birth and contact details, such as emails and telephone numbers. It can also include educational, employment and sensitive medical information. One of the most commonly found data types on the Dark Web is payment card data, and includes credit and debit card information, for instance the number, expiration date and security code, which can be used by bad actors to clone cards or perform fraudulent transactions online. The information related to financial accounts and credentials is also highly in demand on the Dark Web, and includes data such as bank account and routing numbers, or usernames and passwords for online financial accounts or other payment platforms. On the other hand, non-financial account information includes the login credentials for entertainment and streaming platforms, dating and online shopping sites, delivery and food services, and more. On the Dark Web it is also common to find so-called “Fullz”, a bundle of information on an individual, which can include a victim’s name, date of birth, address, online passwords, credit card data, banking data, driver’s license, and other identifying information. Such a set of information can be used to commit many actions, such as identity theft and credit fraud.

On the Dark Web, different types of compromised information hold different monetary values, and the pricing scheme of data is influenced by a range of factors. According to researchers, the rules of supply and demand that are observed in the regular economy play the same role on the Dark Web. For this reason, data that is widely available, like email accounts, typically sell for $1 or less.  On the other hand, data such as medical records, which are scarce in supply and offer a large amount of personal data, are among the most expensive types of data, reaching up to $2000. Additional factors that influence the price of data on the dark web are the victim’s country of residence, and how new & complete the data is. For instance, the price for stolen debit and credit cards can fluctuate from only $0.11 to around $1000, depending on the card’s credit limit and on the country in which the card was issued. Due to the wide availability on the Dark Web of stolen credit cards issued in the US and the UK, their average price can be as low as $1.50 for US cards, and $2.50 for UK cards. Credit cards issued in the EU, UAE, Australia and New Zealand are among the more valuable due to their lower supply, and cost an average of $8 per card. Similarly, the price of “fullz” is influenced by the location of a victim and by the completeness of the information offered. “Fullz” of American citizens are typically the cheapest, at around $8, while the most expensive, at an average of $25, belong to victims in the UAE, Japan and Europe. Additional information in “fullz”, like a victim’s driver’s license number or passport scan, will result in higher prices. The price of credentials for online banking or payment services, like PayPal, is typically not affected by the victim’s country of residence, but rather on the balance of the account. Access to PayPal accounts is offered for anywhere between $5 and $1,767, and according to researchers the account’s balance is typically 32 times higher than the price for which it was sold on the Dark Web.  Other data, like the login credentials to non-financial accounts, tends to sell for under $20. Accounts to Netflix are priced at an average of $8.52, while accounts for Spotify can go as low as $0.21. The most expensive social media login is for Facebook, at $5.20, followed by LinkedIn at $2.07. It is worth noting that, while the prices above mentioned appear low, on the Dark Web stolen data is often sold in bulk and can therefore be extremely lucrative to hackers.  

Troves of stolen personal and financial information can be easily found on the Dark Web, and in the hands of experienced cybercriminals this data can lead to severe consequences for the victims. Cybercriminals can use your financial information to clone your credit cards, perform fraudulent transactions online, and drain your funds. However, cybercriminals are not only after your financial information, and can use your personal data to impersonate you online, perform phishing attacks, steal your identity, take out loans, open lines of credit and commit fraud in your name. It is White Blue Ocean’s mission to protect you from identity theft and financial fraud. We do this by monitoring the open web, social networks, and the deep and Dark Web to detect the illegal trading of personal, financial and contact information for both individuals and businesses. White Blue Ocean’s monitoring system immediately alerts you when your information is at risk of being compromised, giving you advice on how to successfully protect yourself or your business from being the victim of fraud, identity theft, and reputational damage. It is time to take action to protect yourself and your business from cyber risks.

Reference list 

https://www.infosecurity-magazine.com/news/personal-information-50-cents-dark/ 

https://www.forbes.com/sites/nicolemartin1/2019/10/23/your-data-on-the-dark-web-qa-with-imageware-systems-cto-david-harding/?sh=671f13e16c92

https://www.top10vpn.com/research/investigations/dark-web-market-price-index-2019-us-edition/

https://cybernews.com/security/whats-your-identity-worth-on-dark-web/

https://www.huffingtonpost.co.uk/entry/email-passwords-bank-info-dark-web_l_5d1f8262e4b04c4814136470  

https://www.truthfinder.com/infomania/dark-web/medical-records-for-sale-dark-web/  

https://spanning.com/blog/identity-theft-on-the-dark-web/  

https://www.bleepingcomputer.com/news/security/what-your-personal-information-is-worth-to-cybercriminals/  

https://journalofcyberpolicy.com/2020/04/26/fraud-guides-top-list-frequently-sold-type-data-major-dark-web-marketplaces/  

https://www.techrepublic.com/article/how-much-is-your-info-worth-on-the-dark-web-for-americans-its-just-8/  

https://www.comparitech.com/blog/vpn-privacy/dark-web-prices/  

https://sensorstechforum.com/personal-information-cybercriminals/  

https://www.cio.com/article/2400064/are-you-at-risk--what-cybercriminals-do-with-your-personal-data.html  

https://www.identityforce.com/blog/what-is-pii#:~:text=PII%20stands%20for%20Personally%20Identifiable,and%20your%20date%20of%20birth.  

https://cyberior.com/blog/2019/05/08/what-is-dark-web-trading-of-personal-data-in-the-dark-web/  

https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.htm  

https://www.ele-ment.com/blog/2020/9/13/data-breaches-and-the-dark-web-the-danger-of-a-single-password  

https://www.techrepublic.com/article/2020-sees-huge-increase-in-records-exposed-in-data-breaches/