This section analyzes current dark web prices for hacked accounts and examines why the credentials for individual brands command their price tag. Our analysis is organized by category.
Find out more about how different types of hacked credentials can be used for fraud in the common scams section of our Dark Web Prices research hub.
Stolen credit and debit card data, along with bank and online payment account details, remain the most popular items for sale on the dark web markets. The lure of high account balances to cash out and access to new lines of credit understandably allows these items to always command the highest prices.
The vast majority of debit card details are now part of expensive bundles, unlike in previous years, ratcheting up the average price ($1,307).
At the very highest end of the pricing spectrum, hacked debit card data for high-balance accounts bundled with SIM cards and cryptocurrency accounts change hands for up to $4,600 compared to just $17 for standard debit card details.
The value of hacked PayPal accounts ($11) continues to drop due to the scarcity of high balances compared to previous years amid the overall glut in listings for this venerable brand.
Instead, hacked account details for newer instant cash transfer services such as Cash App ($47) and to a lesser extent, Venmo ($14) have become more appealing as they become increasingly popular with small businesses and consumers.
Regardless of the individual service, hacked web wallets remain a mainstay of the dark web markets as they are central to so many scams.
Hacked Verizon accounts ($102.50) are almost ten times more expensive than last year as they are currently being bundled with associated personal data, such as Social Security Number (SSN), Zip Code, and date of birth, and therefore tailor made for identity theft and account takeovers.
Prior to the pandemic, Skype accounts ($7) were worth little more than a dollar. However, with the newfound reliance around the world on video calls, Skype log-ins are suddenly much more appealing to cybercriminals.
The longstanding scam where phishing links are sent via hacked Skype accounts to the account holder’s entire contact list, has more potential to be lucrative given the increased use of the platform during the pandemic.
With the world population in varying states of lockdown since March 2020, online shopping activity has soared, with two-and-a-half times more orders than before the pandemic.
This increased activity is a boon to would-be fraudsters, with consumers more likely to create accounts with individual retailers and store payment details for more frequent orders. With more overall activity, fraudulent orders are less easy to spot, especially if account holders are less experienced online shoppers forced into new behavior by the pandemic.
Online retail accounts are currently selling for between $4 and $15, with the most expensive being Wowcher ($15), eBay and Amazon (both $14.50).
The 53% drop in price of hacked Amazon accounts compared to last year may well be due to Amazon tightening its controls following the discovery of a massive fraud last year. Despite this, Amazon accounts remain valuable to would-be fraudsters due to the high likelihood of stored payment details and sheer scope for scams.
Note the average price for Amazon accounts in general is slightly higher than for Amazon Prime Video ($13), as a number of cheaper listings for the streaming-only version of the service (ie lacking the full Prime membership benefits) brought down its average.
The collapse of the international travel industry due to the global pandemic may have killed off the trade in hacked airline accounts, however the rise in staycations in its place means that compromised Airbnb ($13.50) accounts have actually increased in value to scammers.
Health & Wellness
Unable to visit gyms and stuck at home for months on end, locked down populations around the world have increasingly turned to a range of apps and services to maintain their physical and mental health.
High-end subscriptions, such as increasingly popular Peloton ($18) that also requires a $2,000 exercise bike, mark out the owner as a potentially lucrative target for fraud and are priced accordingly on the dark web markets.
Wellness apps like Headspace ($7) are proving popular with scammers, partly because they are “fresh blood” but also due to the demographic of their users, who have the disposable income to pay for such services even during these economically uncertain times, making them appealing targets for identity theft.
Food delivery is another category of stolen log-ins now commanding higher prices on the dark web as usage of these services soars due to the coronavirus pandemic keeping people indoors.
Instacart ($22) accounts are the most expensive, which could be due to shoppers being more likely to store payment details for convenience’ sake when they are making multiple orders per week, as well as the range of stores from which it delivers.
Services like Drizly ($13.50) give scammers free alcohol as well as users’ personal data.
Despite a major breach earlier this year, the price of hacked individual Facebook accounts is relatively stable at $8 on the dark web marketplaces.
Hacked streaming and gaming accounts continue to proliferate on the dark web with prices correcting to around the $7 mark after the temporary squeeze on supply forced up prices last year. Amazon Prime Video is worth around double that at $13.50 as it’s often part of the broader Amazon Prime shopping account.
Interesting outliers in the category include the subscription-based content platform OnlyFans ($16), most known for people charging their followers a monthly fee for adult content. It’s been flooded with new content creators hoping to make a living since the pandemic caused mass layoffs.
Hacked email accounts tend to be sold either in massive dumps from large scale data breaches or as individual verified emails. As with previous editions of the Price Index, we disregarded dumps as unit prices work out at tiny fractions of a cent each while the accounts constituting these dumps are not guaranteed to be accessible or even valid.
Verified emails on the other hand trade for anything up to ten dollars each. Gmail ($6) in particular can be used in dot account scams or as part of more complex fraud and identity theft, thanks to the use of email as security for so many third-party accounts.
We are also seeing student emails ($6) specifically due to the authority of the “.edu” address.
Subscription-based security software that we found is typically for personal use rather than for further fraud. Hackers use stolen VPN accounts that can’t be tracked back to them to disguise their IP addresses whilst they are carrying out illegal activities.
Hacked anti-virus software appeals to cheapskates who don’t want to pay for their own license and those who want to avoid signing up with their own details.
With millions of people around the world stuck at home, with many on furlough, online learning and self-improvement platforms have enjoyed a surge in popularity as people look for new ways to relieve the tedium.
At one end of the spectrum is MasterClass ($6), whose glossy, star-studded platform and expensive annual subscription has been attracting increasing numbers from a highly appealing demographic for hackers looking for potentially lucrative identity theft.
At the other is the more prosaic Udemy ($3), whose technical courses cost as little as $10 and thus attract a more diverse user base.