Your entire online identity could be worth less than $1,200, according to our research into the illicit sale of stolen personal info on the dark web. While it may be no surprise to learn credit card details are among the most traded, we also found that fraudsters are hacking Uber, Airbnb and Netflix accounts and selling them for less than $10 each.
We also found that for someone in the UK, that figure was little more than £800.
Everything has a price on the dark web it seems. Paypal accounts with a healthy balance attract the highest prices ($247 on average). At the other end of the scale though, hacked Grubhub or Walmart accounts sell for less than $10. Would-be scammers can easily spend more on their lunchtime sandwich than buying up stolen customer logins for online stores like Costco ($5) and ASOS ($2).
It’s a similar story for UK accounts, with Paypal the most valuable at £280 and hacked Deliveroo and Tesco accounts changing hands for less than £5. Online shopping accounts like Argos (£3) and ASOS (£1.50) were even cheaper still.
The average person has dozens of accounts that form their online identity, all of which can be hacked and sold.
Our team of security experts reviewed tens of thousands of listings on three of the most popular dark web markets, Dream, Point and Wall Street Market. These encrypted websites, which can only be reached using the Tor browser and ideally using a VPN (Virtual Private Network) for additional privacy, allow criminals to anonymously sell stolen personal info, along with all sorts of other contraband, such as illicit drugs and weapons.
We focused on listings featuring stolen ID, hacked accounts and personal info to create the Dark Web Market Price Index. We calculated average sale prices for items relevant to US consumers and found that $1,170 is all it would cost to buy up someone’s entire identity if they were to have all the listed items. This figure was £820 for UK consumers.
We did this research to help the public understand just how much their personal data is worth. Our hope is that by raising awareness, it will encourage people to improve their day-to-day online security practices.