Our personal information has real value on the dark web because it can be used fraudulently in such a wide variety of ways to make a profit at your expense. Some of the more common scams are listed below, organized by type of hacked account.
Hacked Skype accounts have previously been used to spam people with phishing links that mimic LinkedIn and Baidu messages.
Another common scam is exploiting mobile phone carriers to get around two-factor authentication and into bank accounts.
Fraudsters have been caught setting up complex schemes involving stolen Paypal and eBay accounts that they use to buy expensive electronics. A hacked DHL account could be the missing piece of the puzzle that allows them to get their hands on the goods, which would be typically resold.
Log-ins for everyday services like Netflix and Spotify primarily offer a route into potential identity theft, since it remains so common for people to reuse their passwords.
By gaining one set of valid credentials, hackers use software to automate checking that log-in against thousands of other online services. This is known as “credential stuffing”. The results will either be used for identity theft or sold on the dark web for a profit.
An added bonus is that opportunistic criminals can also stream TV shows and movies and music for free, at least until the true owner notices their account has been compromised.
Hacked Spotify accounts can also be used in click fraud. A Bulgarian scammer notoriously gamed the Spotify royalties system in 2017 to pocket $1M, however there is evidence that similar schemes continue to operate using compromised Spotify accounts.
These services have an added appeal for hackers: as well as opportunities for identity theft and swiping stored credit card details, they can also enjoy expensive blowouts, often with top shelf alcohol jacking up the bill, on someone else’s dime.
Accounts for services like Fitbit are a potential treasure trove of intimate personal information and health data uploaded from users’ wearable devices. Compromised account owners even become vulnerable to burglary or home invasion once criminals gain access to live and historical GPS location data.
Genuine physical identity documents, such as passports and drivers licenses, are incredibly valuable for identity theft. Typically this means fraudulently opening lucrative lines of credit in the passport-holder’s name, which is then swiftly drained, leaving the unwitting victim with a huge debt.
Stolen documents of this nature – intercepted in the mail, for example, or stolen and sold to criminals by corrupt officials – fetch very high prices.
Passport scans sell for only a fraction of the price due to their digital nature and the greater risk of not being accepted.
Accounts for brands like Amazon and Bestbuy are popular with fraudsters thanks to the prevalence of multiple stored payment methods, typically both credit and debit cards. Not only can they buy a huge range of costly items for resale but also high value gift cards to redeem on their own accounts.
The sheer scale and impersonal nature of Amazon and big box stores’ operations also make them appealing for scams.
Hacked eBay accounts are also particularly attractive as not only do they allow criminals to dupe buyers into sending them money for fake listings but also to buy expensive goods with the account owner’s funds to intercept and sell on.
Fraudsters also buy eBay accounts in the hope of gaining access to associated PayPal accounts.
Stolen credit and debit card data, along with bank and online payment account details, have long been the most popular items for sale on the dark web markets. The lure of high account balances to cash out and access to new lines of credit understandably allows these items to always command the highest prices.
A concerning new trend is for hacked debit card data for high-balance accounts to be bundled with SIM cards and cryptocurrency accounts. These all-in-one fraud packages permit scammers to SIM-jack the account  and drain the funds into the intermediary crypto account, where the stolen cash is easily laundered.
Paypal has long been the scammer’s favorite. High balance accounts can be siphoned off directly, however as PayPal accounts are also often connected to multiple cards and bank accounts, thieves may also have access to significantly greater funds. This functionality also means that PayPal accounts are also typically used as “middleman” accounts to facilitate all sorts of online scams.
Fraudsters in possession of a hacked PayPal account can also try to double their money by using the account funds to run various well-established chargeback scams on merchants who accept PayPal.
Hacked Facebook accounts offer three routes to profit for cybercriminals. First, they are an incredibly rich source of personal information that can be used to facilitate identity theft, helping criminals answer security questions for example.
Compromised accounts may also provide access to stored payment information used for Facebook game and marketplace transactions.
Finally, as with most online accounts, fraudsters bank on the fact that many people still reuse passwords across multiple accounts, especially those they use often like Facebook.
Compromised Airbnb accounts can be used to create bookings for houses which criminals then burgle, while hacked hosts on the same app can be used for phishing.
There have also been reports of hackers changing hosts payment details in order to steal their earnings.
There have been frequent reports of scammers using hacked Uber accounts for expensive trips, in place as far afield as Russia and Arizona. This cheeky scam is made simple thanks to the requirements for a credit card or PayPal account to be stored in the account.
Gaining access to other travel accounts, such as Booking.com, gives criminals the opportunity to send bogus emails tricking people into making high value payments related to their travel arrangements, as well stealing their credit card details.