Darknet Market Price Index: 2018 Report
The Price Index tracks the dark web trade of stolen personal data. It includes hacked log-ins, including dating profiles, streaming services, online stores and even Airbnb.
UPDATED 1 Sep 2021 to consolidate all 2018 data and reformat for improved user experience.
- $1,200: average value of the online identity of an individual in the U.S. when traded by cybercriminals on the darknet. For UK residents, the value of their online accounts was around £800.
- Paypal: most valuable hacked account credentials on the darknet markets at $247 on average.
- Apple: Most expensive brand log-in details for sale. At $15.39, it was slightly more valuable than a Macy’s log-in ($15.34).
- eBay: Most expensive non-finance account details for UK users at £26.
Identity Theft Trends 2018
Your entire online identity could be worth less than $1,200 to hackers, according to our research into the illicit sale of stolen personal data on the dark web. While it may be no surprise to learn credit card details are among the most traded items of personal data, we also found that fraudsters are hacking Uber, Airbnb and Netflix accounts and selling them for less than $10 each.
We also found that for someone in the UK, the value of the online identity was little more than £800.
See all our research into darknet market prices for hacked personal data
Everything has a price on the dark web it seems. Paypal accounts with a healthy balance attract the highest prices ($247 on average). At the other end of the scale though, hacked Grubhub or Walmart online store accounts sell for less than $10. Would-be scammers can easily spend more on their lunchtime sandwich than on buying up stolen customer log-ins for online stores like Costco ($5) and ASOS ($2).
It’s a similar story for online accounts for UK users, with Paypal the most valuable at £280 and hacked Deliveroo and Tesco user accounts changing hands for less than £5. Online shopping accounts like Argos (£3) and ASOS (£1.50) were even cheaper still.
The average person has dozens of user accounts that form their online identity, all of which can be hacked and sold — putting themselves at risk of the consquences of identity theft.
Our team of security experts reviewed tens of thousands of listings on three of the most popular darknet markets: Dream; Point and Wall Street Market. These encrypted websites, which can only be reached using the Tor browser and a VPN for additional privacy, allow criminals to anonymously sell stolen personal data, along with all sorts of other contraband, such as illicit drugs and weapons.
We focused on listings featuring stolen ID, hacked accounts and personal data to create the Darknet Market Price Index. We calculated average sale prices for items relevant to U.S. consumers and found that $1,170 is all it would cost to buy up someone’s entire online identity if they were to have all the listed items. This figure was £820 for UK consumers.
We did this research to help the public understand just how much their personal data is worth. Our hope is that by raising awareness, it will encourage people to improve their day-to-day online security practices.
Darknet Market Price Index 2018
The following table shows average prices for U.S. stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.
The following table shows average prices for UK stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.
Analysis of Darknet Market Prices
The following section analyzes current dark web prices for hacked accounts and explores why credentials for individual brands are currently valued as they are. It incorporates both US and UK data.
Find out more about how different types of hacked credentials can be used for fraud in the common scams section of our Darknet Prices research hub.
Personal Finance
Hacked financial details are by far the most commonly listed items, credit cards in particular, and the most valuable. Selling prices tend to be 10% of the available credit balance, however we found credible examples of Paypal listings asking double that, suggesting high current demand for these accounts.
Proof of Identity
The high prices for passports scans, selfies and utility bills reflect the importance of such items in fraudulently accessing lines of credit.
Online Shopping
There may be a big step down in price but hacked online shopping accounts offer plenty of opportunity for fraud. Most change hands for less than $10, some for much less than that.
Amazon and Bestbuy accounts are more likely to come with stored payment details and are priced accordingly.
Hacked eBay accounts are also particularly attractive as not only do they allow criminals to dupe buyers into sending them money for fake listings but also to buy expensive goods with the account owner’s funds to intercept and sell on.
Travel
Hacked Airbnb accounts ($8/£6) are among the most valuable in this category due to the rich opportunity for scams they open up for the buyer.
Uber credentials change hands for $7 (£5) as they can be used as burner accounts for pricey trips.
Entertainment
Stolen Apple log-ins trade for over $15 thanks to the lucrative demographic of Apple customers and the high probability of stored payment details.
Netflix accounts may be much less valuable than Apple but at $8 (£6) are much pricier than the rest of the log-ins in this category, whose low cost reflects the lower likely rate of return on the investment and limited capacity for re-use.
Communication
Mobile phone accounts are a treasure trove of fraud opportunities, especially given the use of SMS messages for bank account verification, for example. T-Mobile, featured here with an average price of $10.51 (£7.57), was recently hacked.[1]
Delivery
Fraudsters have been caught setting up complex scams involving stolen Paypal and eBay accounts that they use to buy high-value items.
A hacked DHL account justifies its $10.40 price tag as it allows criminals to get their hands on the goods, which they would usually resell for a profit.
Social
Facebook logins at $5.20 (£3.75) sell for more than double other social media accounts due to the greater potential for offering up enough personal data to help gain access to more directly lucrative accounts or commit identity theft.
Strong security on Gmail, such as two-factor authentication and suspicious login warnings, push the price down to just $1 compared to other providers, as access can be swiftly revoked, rendering the hacked details useless.
Food Delivery
Food delivery services like Grubhub ($9) and Deliveroo (£4) are more valuable than individual food brands, as they are offer a much wider range of food, along with stored payment details. There are many reports of scammers running up huge food and alcohol bills via this type of hacked account.
Dating
These types of listings came out with the lowest average price in our index, which reflects their limited use to criminals.
Of course as with most items in our index, there is the potential to mine the account for personal info to enable identity theft. The bottom line though is that hackers will try to sell whatever they have got in the hope of realizing some value from their criminal activity.
Methodology
Our team reviewed all fraud-related listings on three of the largest darknet markets, Dream, Point and Wall Street Market over 5-11 February, 2018. Relevant listings were collated and categorized in order to calculate average sale prices.
Darknet Market Price Index – Feb 2018 – Raw Data.
The authors of all our investigations abide by the journalists’ code of conduct.
References
[1] https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number ↩