A recent independent investigation carried out by Top10VPN has revealed a huge surge in the value of hacked log-in details on the dark web. Prices of consumer data found on three different dark web markets have risen by an average of 200% since the beginning of 2019, which means an individual’s identity could now be worth as much as £2,400 – three times as much as it was before.
Simon Migliano, Head of Research at Top10VPN, revealed on BBC Watchdog on Wednesday 5 June that there were some notable price surges for specific log-ins, some of the biggest being for Airbnb, Facebook, and PayPal. This is due to the scope of potential fraud that could be carried out by scammers with access to these accounts.
The average sale price of PayPal personal account details has soared by over 500% since the start of the year to £84.48. PayPal Credit accounts with high limits (usually in the tens of thousands) sell for an average of £3,000, but can go for anywhere up to £12,000 each.
PayPal accounts are a longtime favourite of scammers due to their versatility. Accounts with high balances can be siphoned off directly, and any hacked account can be used to scam online merchants who accept payment via PayPal. What’s more, because so many people link various cards and bank accounts to their PayPal accounts, hackers could potentially gain access to a much wider range of funds.
Airbnb accounts increased in value by over 300%, going from £4.78 in February to just under £20 in June, as the summer holiday season approaches. The accommodation marketplace is becoming increasingly popular with scammers, as it can be used to commit many different acts of fraud. Among the most common are creating bookings for properties which criminals then burgle, and listing fake luxury properties in order to wrongfully charge consumers large sums.
Top10VPN’s findings revealed that Facebook log-in details also doubled in average price, and are now worth just under £14 each. There are a few reasons that cybercriminals are so interested in Facebook accounts – the main one being that they are an extremely rich source of personal details that could be used to answer security questions to other, more valuable, accounts.
Hacked Facebook accounts may also provide fraudsters with access to any stored payment details linked to that account, used for marketplace and game transactions. Finally, many scammers rely on the well-known fact that people reuse the same passwords for several different accounts, so by gaining one set of credentials, they may be able to access someone’s online banking, for example.
Simon Migliano explained to Watchdog that the average person has dozens of accounts which, put together, form their complete online identity, and all of these can be hacked and/or sold.
There are many ways you can protect yourself, such as using a good VPN and deleting any old accounts, and you can also use Have I Been Pwned to check if any of your accounts have been compromised. You should also ensure you use unique passwords and enable two-factor authentication on all accounts that offer it.