The dark web isn’t exactly the kind of place you want to visit. It’s full of things you can’t unsee, and forums you never wanted to stumble in.
But if you’ve ever fired up the Tor browser to take a look at the shadowy place beyond the reach of the indexed web, you’ve probably gotten a firsthand look at the marketplace for stolen account credentials. Listings for lifted financial accounts and social profiles abound.
And it’s all available, at least ostensibly, with a few clicks.
How Much Do Stolen Account Credentials Go For?
Recently, researchers for Privacy Affairs investigated the dark web to construct a price index of ill-gotten digital goods. While there are plenty of illegal products and services for sale, from illicit drugs to hackers for hire, Privacy Affairs focused on stolen and counterfeit data for sale. Their results give us an idea of how valuable different types of data are to cybercriminals.
Stolen financial account credentials can command a high price. For instance:
- PayPal account details command a price around $200.
- Transfers from stolen PayPal and Western Union accounts run between $98 and $320.
- Bank account logins trend lower, from $35 to $65, depending on the balance.
- Bank cards details are cheaper still, from $12 to 35 based on the price and size of account.
Then there are social and web services account details.
If you expect the asking price for these stolen data to be significantly lower, you’ll be surprised. Stolen Twitter, Facebook and Instagram account credentials are on offer from $50 to $75, and a hacked Gmail account costs twice that, at an average of $150.
Protecting Your Accounts
Cyber hygiene is critical in preventing hackers from grabbing your account details to add to their dark-web inventory. A quick list of to-dos:
- Follow best practices for passwords. This includes using unique passwords for every site you use. Also, utilize a combination of letters, numbers and characters to make passwords more difficult to crack.
- Use two-factor authentication wherever it’s offered.
- Don’t fall for phishing. Phishing is among the most common ways that hackers gain access to account details. So don’t open attachments or comply with requests from sources you don’t absolutely know you can trust. Never give out your account information or passwords.
There’s plenty more to learn about staying safe online. For that, you can look to Lunarline, which helps companies of all types train their employees to follow best cybersecurity practices.
Contact us online today to find out about how we can help.