Identity Theft Trends in 2019
We extended our analysis this year from three to five of the biggest black markets on the dark web, making this edition of the Dark Web Market Price Index the most comprehensive yet.
Our analysis of the trade in stolen online credentials and personal data revealed individual hacked accounts for brands with recent privacy or security woes have become significantly more appealing to fraudsters.
Despite these individual price increases, we found the value of someone’s entire online identity remained around the $1,200 mark. For UK residents it was a little less at around £800.
Also steadily increasing value to cybercriminals were accounts for online services which have become a part of everyday life in recent years, such as Netflix and Uber, which along with gaming phenomenon Fortnite all sell for around $11 each on the dark web.
Hacked Accounts: Notable Findings
The following table pulls out some of the most notable prices for accounts that a resident of the US or the UK might expect to have.
Individual accounts marked with US or UK are based on data applicable to that country only, otherwise prices in GBP have been converted from USD at the FX rate at the writing, $1.31.
Price change is difference in average price between 2018 and 2019, where 2018 data is available.
With a horror year receding in the rearview mirror, hacked Facebook accounts have almost doubled in value since this time last year to just over $9 (or around £7) after falling out of favor following the data breach affecting 50 million accounts. Stolen Amazon credentials have also rocketed in value, worth over three times as much year-over-year at $30 (or around £14.50 for UK accounts) to be the most valuable brand on the dark web.
It’s not surprising that stolen financial account details remain a mainstay on the dark web markets and typically command the highest prices – especially high-balance bank account and debit card details, which change hands for close to $260. For UK bank accounts, prices are even higher at almost £348.
However, the trade in entertainment accounts with less immediately obvious value for identity thieves continues to flourish. Accounts for games and streaming services including Spotify, Tidal, Steam and Minecraft typically sell for less than $4 (or sub-£3), cheaper than a Big Mac.
The average person has dozens of accounts which form their online identity, all of which can be hacked and sold. Our team of security experts reviewed tens of thousands of listings across five of the most popular dark web markets – Dream, Wallstreet, Empire, Berlusconi and Tochka Free. These sites deliberately obscure themselves from the public and can only be accessed through the Tor browser, preferably also with a VPN (Virtual Private Network) for added security. They are often used to buy and sell personal data, along with other contraband including weapons and illicit drugs.
We focused on listings featuring stolen ID, personal data and hacked accounts for this update to the Dark Web Market Price Index. We excluded massive data ‘dumps’ to avoid distorting average prices, as individual accounts in these dumps equate to tiny fractions of a cent each. Our analysis has shown that it would cost only $1,250 to buy up the entire identity of someone in the US, assuming that they had all the accounts listed. In the UK, that figure is around £800.
Why did we publish this research? By showing how much fraudsters are willing to pay for stolen credentials, our goal is to raise awareness about the value of our personal data. We hope this will lead to a rise in standards of day-to-day personal information security for the average internet user.
PROTECT YOURSELF: A VPN provides important protection against online identity theft. If you don’t know where to start with choosing a VPN, take a look at this list of the best VPN services or our ExpressVPN review, as it’s currently our highest-rated VPN.
UPDATE Jun 2019: we published a follow-up to the full 2019 report that focused on UK data. Jump straight to those findings.