Dark Web Market Price Index: 2019 Report

This 2019 update to the Price Index shows hacked accounts are still cheap on the dark web: even big brands like Apple, Fortnite, Netflix and Airbnb cost less than $15.
Simon Migliano

UPDATED 1 Sep 2021 to consolidate all 2019 data and reformat for improved user experience.

Key Findings

2019 Report

  • $1,250: average value of the online identity of an individual in the U.S. on the dark web. For UK residents, it was £770.
  • Amazon: most valuable brand on the dark web. Accounts selling for over $30 on average followed by Best Buy log-ins ($27) and eBay ($22)
  • Games and streaming: Fortnite log-ins at $11 three times as valuable as Netflix, Minecraft, Spotify and similar accounts that typically sell for sub-$4
  • Apple: losing its lustre with scammers, as value of accounts drops 26% to $11

2019 Mid-Year UK Update

  • £2,400: average value of the online identity of an individual in the UK on the dark web.
  • Price spike: up 200% on average since the start of the year
  • Notable price surges: Airbnb (£20), Facebook (£14) and PayPal (£84.50)
  • Bank details: value surges threefold to over £1,000 per hacked account

Introduction

We extended our analysis this year from three to five of the biggest black markets on the dark web, making this edition of the Dark Web Market Price Index the most comprehensive yet.

Read all our research reports on the dark web trade in hacked personal data

Our analysis of the trade in stolen online credentials and personal data revealed individual hacked accounts for brands with recent privacy or security woes have become significantly more appealing to fraudsters.

Despite these individual price increases, we found the value of someone’s entire online identity remained around the $1,200 mark. For UK residents it was a little less at around £800.

Also steadily increasing value to cybercriminals were accounts for online services which have become a part of everyday life in recent years, such as Netflix and Uber, which along with gaming phenomenon Fortnite all sell for around $11 each on the dark web.

US & UK Highlights

The following table pulls out some of the most notable prices for accounts that a resident of the US or the UK might expect to have.

Individual accounts marked with US or UK are based on data applicable to that country only, otherwise prices in GBP have been converted from USD at the FX rate at the writing, $1.31.

Price change is difference in average price between 2018 and 2019, where 2018 data is available.

Jump to full Price Index

With a horror year receding in the rearview mirror, hacked Facebook accounts have almost doubled in value since this time last year to just over $9 (or around £7) after falling out of favor following the data breach affecting 50 million accounts. Stolen Amazon credentials have also rocketed in value, worth over three times as much year-over-year at $30 (or around £14.50 for UK accounts) to be the most valuable brand on the dark web.

It’s not surprising that stolen financial account details remain a mainstay on the dark web markets and typically command the highest prices – especially high-balance bank account and debit card details, which change hands for close to $260. For UK bank accounts, prices are even higher at almost £348.

However, the trade in entertainment accounts with less immediately obvious value for identity thieves continues to flourish. Accounts for games and streaming services including Spotify, Tidal, Steam and Minecraft typically sell for less than $4 (or sub-£3), cheaper than a Big Mac.

The average person has dozens of accounts which form their online identity, all of which can be hacked and sold. Our team of security experts reviewed tens of thousands of listings across five of the most popular dark web markets – Dream, Wallstreet, Empire, Berlusconi and Tochka Free. These sites deliberately obscure themselves from the public and can only be accessed through the Tor browser, preferably also with a VPN (Virtual Private Network) for added security. They are often used to buy and sell personal data, along with other contraband including weapons and illicit drugs.

We focused on listings featuring stolen ID, personal data and hacked accounts for this update to the Dark Web Market Price Index. We excluded massive data ‘dumps’ to avoid distorting average prices, as individual accounts in these dumps equate to tiny fractions of a cent each. Our analysis has shown that it would cost only $1,250 to buy up the entire identity of someone in the US, assuming that they had all the accounts listed. In the UK, that figure is around £800.

Why did we publish this research? By showing how much fraudsters are willing to pay for stolen credentials, our goal is to raise awareness about the value of our personal data. We hope this will lead to a rise in standards of day-to-day personal information security for the average internet user.

PROTECT YOURSELF: A VPN provides important protection against online identity theft. If you don’t know where to start with choosing a VPN, take a look at this list of the best VPN services or our ExpressVPN review, as it’s currently our highest-rated VPN.

UPDATE Jun 2019: we published a follow-up to the full 2019 report that focused on UK data. Jump straight to those findings.

Dark Web Market Price Index 2019

US Data

The following table shows average prices for US stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.

UK Data

The following table shows average prices for UK stolen ID, personal data and hacked accounts for sale on the dark web. It’s ordered by category, most valuable to least valuable.

Analysis

The following section analyzes current dark web prices for hacked accounts and explores why credentials for individual brands are currently valued as they are. It incorporates both US and UK data.

Find out more about how different types of hacked credentials can be used for fraud in the common scams section of our Dark Web Prices research hub.

Personal Finance

The trade in stolen financial details has long been the heart of the dark web’s economy. Credit card, debit cards, bank details and online payment accounts are listed in vast quantities and can command the highest prices, particularly when the lure of a high value balance is present.

Most fluctuation in this area is caused by where hackers have the most success in finding account details with high balances.

In last year’s Price Index, PayPal‘s average price of $247 was inflated by the number of accounts listed with balances in excess of $10,000.

This year, it’s listings for hacked bank accounts and debit card details where we found the highest balances.

Prices have inflated further as sellers demand a larger percentage cut of the balance. Accounts now sell for 20% or even 30% of the balance, compared to 5-10% previously. This has driven the average price up to $260, suggesting the increasing difficulty of stealing this data. In the UK, this is even higher at £348.

The current scarcity of high-balance PayPal accounts is also likely due at least in part to eBay starting to eBay transition away from PayPal as its main payment processor last year.[1] The two companies have long gone hand-in-hand (eBay accounted for 50% of PayPal’s profits in 2014[2]) and eBay is a common use case for hacked PayPal accounts. If it becomes harder to exploit these accounts it is likely that their average price will continue to fall.

Back to the Index

Proof of Identity

One of the more popular kinds of listing advertises “fullz”, which are bundles of “full” identifying data.[3] Listings for fullz often advertise an individual’s name, address, mother’s maiden name, social security number, date of birth, credit reports and other forms of personal data. [Note: where related financial account details such as credit cards were included with fullz we considered these to be personal finance listings].

Bringing down the price this year was a wider tendency to sell passport scans and other forms of ID in bulk.

Back to the Index

Online Shopping

The average shopping account sells for between $10 and $20 in the US, with the most expensive being Amazon ($30) and Best Buy ($26.50), both of whom have huge high-value inventories.

Stolen US Amazon accounts have tripled in price, which may be in anticipation of a wider rollout for Amazon Go. Thieves would potentially be able to wander in, fill a trolley and leave without detection.

Prices for stolen Best Buy accounts have more than doubled in the aftermath of a chat bot breach that exposed credit card details.[4]

In the UK, there’s some irony in that budget supermarket Morrison’s accounts (£16) were the most expensive on the dark web in this category. This was likely due to the potential for exploiting its rewards system.[5] At £14.50 on average, Amazon UK credentials were less pricey than those for US accounts.

Back to the Index

Delivery

Fraudsters have been caught setting up complex scams involving stolen Paypal and eBay accounts that they use to buy expensive electronics. A hacked FedEx account for $11 could be the missing piece of the puzzle that allows them to get their hands on the goods, which they would usually resell.

Back to the Index

Travel

The average value of hacked accounts for travel brands more than doubled year-over-year, due to the high value transactions associated with the category. There also remains plenty of scope for the abuse of such accounts.

British Airways accounts are typically associated with Avios airmiles that can be used on multiple airlines. Credentials more than quadrupled in value to £32 following its huge data breach last year.[6]

Uber accounts jumped 60% compared to last year to over $11 as they become more ubiquitous in our daily lives, making it less likely that fraudulent transactions will be spotted as quickly.

Back to the Index

Communication

Mobile phone carrier accounts are mostly getting cheaper. Verizon has fallen 20% in price, while AT&T’s average cost has halved.

This price fall may be due to the growing move away from using text messages as two-factor authentication. SMS has been repeatedly shown up as an insecure form of two-factor authentication and as companies continue to pivot away from using it these accounts will become less useful to hackers.[7][8][9]

Back to the Index

Social Media

Facebook ($9) spent much of 2018 under siege from the media and western governments and the value of its accounts slumped accordingly on the dark web.

However, just as its stock price recovered, so too has the dark-web worth of hacked accounts for the social media giant. It’s clear that despite the popularity of #DeleteFacebook, there’s plenty of mileage yet in the social media platform.

Back to the Index

Software

Subscription-based software is also making its first appearance on the Dark Web Market Price Index. The listings – largely for security software – we found are exclusively pitched as being for personal use rather for further fraud.

Back to the Index

Food

These accounts aren’t used for identity fraud so much as straightforward theft.

It follows then that hacked accounts for a delivery platform like Grubhub would be the most valuable at $9. There are reports of accounts being exploited by hackers for up to $180 in a single order.[10] Log-ins for Deliveroo, a similar service in the UK, trade for £3.

It is also interesting to see what kind of food the average dark web criminal likes best: unsurprisingly, mostly pizza and burgers, with the most popular stolen accounts for sale including Pizza Hut and Domino’s.

Back to the Index

Dating

The most commonly hacked dating accounts remain Match.com ($7) and Plenty of Fish ($4).

Prices remain relatively low despite the potential for “catfishing” on top of identity theft, as buying genuinely hacked accounts is a costly and ineffective method to do this compared to simply starting a new account with fake pictures.

Back to the Index

Entertainment

Prices are steadily rising for these accounts and are even beginning to rival hacked financial accounts in terms of sheer volume (and variety) of listings.

Joining global megabrands Netflix ($11) and Apple ($11) as the most desirable accounts is Fortnite ($11). The gaming phenomenon is unique in that despite being free to play, hacked accounts may include valuable in-game perks that would otherwise be difficult to obtain.

It’s common for vendors of stolen streaming services to offer “lifetime accounts”. This is a form of warranty under which buyers can switch to freshly stolen accounts every time they are locked out of their previous account by its legitimate owner.

Back to the Index

News/Magazine

This is the first time that accounts for newspapers and magazines have appeared in the course of our research. The majority of the hacked accounts we found in this category were being sold by a single seller on Dream Market, the dark web’s biggest market.

Back to the Index

Email

Hacked email accounts tend to be sold either in massive dumps from large scale data breaches or as small batches of verified emails. We even found some individual verified emails for sale. For the purposes of the Price Index, we disregarded dumps as unit prices work out at tiny fractions of a cent each and the accounts in these dumps are not guaranteed to be accessible or even valid.

Verified emails on the other hand trade for a few dollars each. That may not seem much for an account that can act as a skeleton key to your online life, however increasing adoption of two-factor authentication keeps overall prices relatively low.

Gmail accounts trade for well over five times as much as they did last year, however, due to the vulnerability of accounts using SMS for 2FA.

Back to the Index

Mid-Year UK Update

This June 2019 update of the Price Index comes at a unique time, following the takedown of two major dark web markets in quick succession by the authorities and a sharp spike in prices.

In order to assess the potential impact of this on consumers, we have reviewed a selection of the most important hacked log-ins and accounts to track their changing value to identity thieves.

Alarmingly, the prices have increased on average by almost three times compared to the start of the year, meaning that someone’s entire identity could potentially now be worth £2,400, up from around £800 at the start of the year.

Stolen consumer data is more lucrative for hackers and cybercriminals than ever before. This should serve as notice for everyone to be on their guard against identity theft, or risk becoming a victim.

Notable price surges include Airbnb (£20), Facebook (£14) and PayPal (£84.50) due to the sheer scope of potential fraud that can be committed by scammers in possession of these accounts.

Dark Web Market Price Index

Stolen ID, personal data and hacked accounts for sale

Analysis

In this section we explore what’s behind pricing movements. For more information about how these accounts are used in fraud, read about Common Scams.

The value of bank accounts on the dark web has almost tripled in just six months. This increase is likely driven by a range of factors. The fall of two big markets in such a short time, along with the likely subsequent arrest of key vendors, has caused a major – if temporary – reduction in easy availability of all accounts. Those sellers still active can therefore charge a premium.

We are also seeing in increase in listings that not only offer online banking credentials and relevant personal information but also full packages including debit cards, PINs, and for mobile banking services such as Monese, a burner phone and SIM to access them.

We are also currently seeing more hacked bank accounts for sale that have high balances, giving criminals access to thousands of pounds instantly.

Hacked credit cards are the bread and butter of the dark web economy in stolen data and prices remain stable at around £33 per account. Our data focuses solely on genuinely hacked accounts, as opposed to fraudulently-opened new credit cards using stolen identities.

Debit cards are similarly priced at around £46. The higher value is because it’s easier to realize the value of debit cards into cash, and because accounts with high balances are being put up for sale more often.

Paypal has long been a favorite for online fraud. The recent surge in pricing for these accounts to around £84.50 each is likely due to the squeeze in supply caused by the disappearance of two major dark web markets, along with the growth of PayPal Credit.

Hacked PayPal personal and business accounts can be used to set up PayPal Credit accounts with high credit limits, which are then either drained or sold on for a huge profit. PayPal Credit accounts with high limits in the tens of thousands that have been created in this way sell for an average of £3,000, and as much as £12,000 each.

Genuine physical identity documents, such as passports and drivers licenses, are incredibly valuable for identity theft. Stolen documents of this nature – intercepted in the mail, for example, or stolen and sold to criminals by corrupt officials – fetch very high prices. UK passports, marriage and birth certificates all trade for around £2,000, but can fetch as much as £5,000.

Passport scans sell for only a fraction of the price due to their digital nature and the greater risk of not being accepted. They are typically sold in batches of ten scans or more for around £22 each.

In the travel category, prices for British Airways accounts have increased since the mega breach the airline suffered last year, where the payment and passport details of 380,000 customers were stolen.[6] The value of accounts increase in line with the total number of air miles available. Double the points typically equals double the price tag. The current rate is just 18p per 100 air miles.

Prices for hijacked Facebook accounts continue to enjoy a resurgence as it becomes increasingly clear that the platform’s 2.38 billion users aren’t abandoning it any time soon, despite the scandals that have rocked the social media giant.

As with Facebook, Netflix and Spotify log-ins offer a route into potential identity theft. An added bonus is that opportunistic criminals can also stream TV shows and movies and music for free, at least until the true owner notices their account has been compromised.

The continued growth in the value of streaming accounts reflects just how ubiquitous they have become.

Similarly, accounts for news sites like The Times and The Economist give the buyers access to high-quality media that’s otherwise locked behind a paywall. Prices have increased significantly in a short space of time, suggesting that there is strong demand for these accounts – although it does remain a niche offering on the dark web markets.

Looking to online retail, stolen accounts for budget supermarket Morrison’s (£16) are actually more expensive than those of its more upmarket competitors due to the potential for exploiting its rewards system.

This is four times the cost of high-end grocer Ocado (£4) for example, while Tesco accounts are least appealing, priced at less than a £1 each.

Given that pricing reflects demand, Ocado and Tesco accounts have proven less profitable for scammers in the past, likely due to better security, less lucrative rewards schemes or fewer vulnerable stored payment methods.

Hacked email accounts tend to be sold either in massive dumps from large scale data breaches or as small batches of, or even individual, verified emails.

Unit prices on the dumps work out at tiny fractions of a penny each to account for the risk that most won’t be accessible or even valid.

Verified emails, such as Yahoo and Gmail, on the other hand, trade for a few pounds each. The increasing adoption of two-factor authentication keeps overall prices relatively low.

Methodology

For the February 2019 report, our team reviewed all fraud-related listings on five of the largest dark web markets: Dream, Wallstreet, Empire, Berlusconi and Tochka Free. Relevant listings were collated and categorized in order to calculate average sale prices. We excluded large-scale ‘dumps’ to maintain the integrity of the data. Dark Web Market Price Index 2019 – Raw Data.

For the mid-year update, the team reviewed fraud-related listings on three of the largest remaining active dark web markets: Berlusconi, Tochka and Nightmare. Dark Web Market Price Index – June 2019 UK Update Source data.

Average prices per item for digital items only (ie excluding physical documents) were compared to the relevant entries from the Feb 2019 Index to calculate the price change as percentage difference. The average of these latest percentage changes was applied to the most recent price index total to provide an estimated new price index total.

The authors of all our investigations abide by the journalists’ code of conduct.

References

[1] https://www.ebayinc.com/stories/news/ebay-to-intermediate-payments-on-its-marketplace-platform/

[2] https://www.recode.net/2018/1/31/16957212/ebay-adyen-paypal-payments-agreement

[3] https://venturebeat.com/2015/02/08/fullz-dumps-and-cvvs-heres-what-hackers-are-selling-on-the-black-market/

[4] https://www.pymnts.com/news/security-and-risk/2018/best-buy-payments-data-breach-malware/

[5] https://forums.moneysavingexpert.com/showthread.php?t=5893844

[6] https://www.theguardian.com/business/2018/sep/07/ba-british-airways-customers-hacked-credit-card-details-dark-web

[7] https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

[8] https://www.theregister.co.uk/2018/08/01/reddit_hacked_sms_2fa/

[9] https://arstechnica.com/information-technology/2018/11/millions-of-sms-texts-in-unsecured-database-expose-2fa-codes-and-reset-links/

[10] https://abc7chicago.com/technology/grubhub-user-claims-hacker-ordered-feast-to-another-state/1648468/