Dark Web Market Price Index 2018 Report

UPDATED 1 Sep 2021 to consolidate all 2018 data and reformat for improved user experience.

$1,200: average value of the online identity of an individual in the U.S. when traded by cybercriminals on the dark web. For UK residents, the value of their online accounts was around £800.
Paypal: most valuable hacked account credentials on the dark web at $247 on average.
Apple: Most expensive brand log-in details for sale. At $15.39, it was slightly more valuable than a Macy’s log-in ($15.34).
eBay: Most expensive non-finance account details for UK users at £26.

Identity Theft Trends 2018

Your entire online identity could be worth less than $1,200 to hackers, according to our research into the illicit sale of stolen personal data on the dark web. While it may be no surprise to learn credit card details are among the most traded items of personal data, we also found that fraudsters are hacking Uber, Airbnb and Netflix accounts and selling them for less than $10 each.

We also found that for someone in the UK, the value of the online identity was little more than £800.

See all our research into dark web prices for hacked personal data

Everything has a price on the dark web it seems. Paypal accounts with a healthy balance attract the highest prices ($247 on average). At the other end of the scale though, hacked Grubhub or Walmart online store accounts sell for less than $10. Would-be scammers can easily spend more on their lunchtime sandwich than on buying up stolen customer log-ins for online stores like Costco ($5) and ASOS ($2).

It’s a similar story for online accounts for UK users, with Paypal the most valuable at £280 and hacked Deliveroo and Tesco user accounts changing hands for less than £5. Online shopping accounts like Argos (£3) and ASOS (£1.50) were even cheaper still.

Value of hacked online account when traded on the dark web

The average person has dozens of user accounts that form their online identity, all of which can be hacked and sold — putting themselves at risk of the consquences of identity theft.

Our team of security experts reviewed tens of thousands of listings on three of the most popular dark web markets: Dream; Point and Wall Street Market. These encrypted websites, which can only be reached using the Tor browser and ideally using a VPN (Virtual Private Network) for additional privacy, allow criminals to anonymously sell stolen personal data, along with all sorts of other contraband, such as illicit drugs and weapons.

We focused on listings featuring stolen ID, hacked accounts and personal data to create the Dark Web Market Price Index. We calculated average sale prices for items relevant to U.S. consumers and found that $1,170 is all it would cost to buy up someone’s entire online identity if they were to have all the listed items. This figure was £820 for UK consumers.

We did this research to help the public understand just how much their personal data is worth. Our hope is that by raising awareness, it will encourage people to improve their day-to-day online security practices.

EXPERT TIP: A VPN offers vital protection against identity theft. If you aren’t sure where to begin, read our guide to choosing the best VPN services or our review of ExpressVPN, our highest-rated VPN.

Dark Web Market Price Index 2018

The following table shows average prices for U.S. stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.

The following table shows average prices for UK stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.

Analysis of Dark Web Market Prices

The following section analyzes current dark web prices for hacked accounts and explores why credentials for individual brands are currently valued as they are. It incorporates both US and UK data.

Find out more about how different types of hacked credentials can be used for fraud in the common scams section of our Dark Web Prices research hub.

Personal Finance

Hacked financial details are by far the most commonly listed items, credit cards in particular, and the most valuable. Selling prices tend to be 10% of the available credit balance, however we found credible examples of Paypal listings asking double that, suggesting high current demand for these accounts.

Proof of Identity

The high prices for passports scans, selfies and utility bills reflect the importance of such items in fraudulently accessing lines of credit.

Online Shopping

There may be a big step down in price but hacked online shopping accounts offer plenty of opportunity for fraud. Most change hands for less than $10, some for much less than that.

Amazon and Bestbuy accounts are more likely to come with stored payment details and are priced accordingly.

Hacked eBay accounts are also particularly attractive as not only do they allow criminals to dupe buyers into sending them money for fake listings but also to buy expensive goods with the account owner’s funds to intercept and sell on.

Travel

Hacked Airbnb accounts ($8/£6) are among the most valuable in this category due to the rich opportunity for scams they open up for the buyer.

Uber credentials change hands for $7 (£5) as they can be used as burner accounts for pricey trips.

Entertainment

Stolen Apple log-ins trade for over $15 thanks to the lucrative demographic of Apple customers and the high probability of stored payment details.

Netflix accounts may be much less valuable than Apple but at $8 (£6) are much pricier than the rest of the log-ins in this category, whose low cost reflects the lower likely rate of return on the investment and limited capacity for re-use.

Communication

Mobile phone accounts are a treasure trove of fraud opportunities, especially given the use of SMS messages for bank account verification, for example. T-Mobile, featured here with an average price of $10.51 (£7.57), was recently hacked.^[1]

Delivery

Fraudsters have been caught setting up complex scams involving stolen Paypal and eBay accounts that they use to buy high-value items.

A hacked DHL account justifies its $10.40 price tag as it allows criminals to get their hands on the goods, which they would usually resell for a profit.

Social

Facebook logins at $5.20 (£3.75) sell for more than double other social media accounts due to the greater potential for offering up enough personal data to help gain access to more directly lucrative accounts or commit identity theft.

Email

Strong security on Gmail, such as two-factor authentication and suspicious login warnings, push the price down to just $1 compared to other providers, as access can be swiftly revoked, rendering the hacked details useless.

Food Delivery

Food delivery services like Grubhub ($9) and Deliveroo (£4) are more valuable than individual food brands, as they are offer a much wider range of food, along with stored payment details. There are many reports of scammers running up huge food and alcohol bills via this type of hacked account.

Dating

These types of listings came out with the lowest average price in our index, which reflects their limited use to criminals.

Of course as with most items in our index, there is the potential to mine the account for personal info to enable identity theft. The bottom line though is that hackers will try to sell whatever they have got in the hope of realizing some value from their criminal activity.

Methodology

Our team reviewed all fraud-related listings on three of the largest dark web markets, Dream, Point and Wall Street Market over 5-11 February, 2018. Relevant listings were collated and categorized in order to calculate average sale prices.

Dark Web Market Price Index – Feb 2018 – Raw Data.

The authors of all our investigations abide by the journalists’ code of conduct.

References

^{[1] https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number ↩}

Dark Web Market Price Index: 2018 Report