A recent independent investigation carried out by Top10VPN.com has revealed a huge surge in the value of hacked log-in details on the dark web. Prices of consumer data found on three different dark web markets have risen by an average of 200% since the beginning of 2019, which means your identity could now be worth as much as £2,400 (~$3,000) – three times as much as it was before.
Simon Migliano, Head of Research at Top10VPN.com, revealed on BBC Watchdog on Wednesday 5 June that there were some notable price surges for specific log-ins, some of the biggest being for Airbnb, Facebook, and PayPal. This is due to the scope of potential fraud that could be carried out by scammers with access to these accounts.
The average sale price of PayPal personal account details has soared by over 500% since the start of the year to £84.48 (~$105) PayPal Credit accounts with high limits (usually in the tens of thousands of dollars) sell for an average of £3,000 (~$3,747), but can sell for as much as £12,000 (~$15,000) each.
PayPal accounts are a longtime favourite of scammers due to their versatility. Accounts with high balances can be siphoned off directly, and any hacked account can be used to scam online merchants who accept payment via PayPal. What’s more, because so many people link various cards and bank accounts to their PayPal accounts, hackers could potentially gain access to a much wider range of funds.
Airbnb accounts increased in value by over 300%, going from £4.78 (~$6) in February to just under £20 (~$25) in June, as the summer holiday season approaches. The accommodation marketplace is becoming increasingly popular with scammers, as it can be used to commit many different acts of fraud. Among the most common are creating bookings for properties which criminals then burgle, and listing fake luxury properties in order to wrongfully charge consumers large sums.
Top10VPN.com’s findings revealed that Facebook log-in details also doubled in average price, and are now worth just under £14 (~$17.50) each. There are a few reasons that cybercriminals are so interested in Facebook accounts – the main one being that they are an extremely rich source of personal details that could be used to answer security questions to other, more valuable, accounts.
Hacked Facebook accounts may also provide fraudsters with access to any stored payment details linked to that account, used for marketplace and game transactions. Finally, many scammers rely on the well-known fact that people reuse the same passwords for several different accounts, so by gaining one set of credentials, they may be able to access someone’s online banking, for example.
Simon Migliano explained to Watchdog host Steph McGovern that the average person has dozens of accounts which, put together, form their complete online identity, and all of these can be hacked and/or sold.
The situation isn’t hopeless, though – there are many ways you can protect yourself. One of the most effective solutions can be to use a good VPN. While your online accounts can still be hacked via ‘brute force’, wherein the hacker simply tries a variety of credentials over and over, a VPN will keep your information safe should you be using an insecure website or public WiFi connection.
It’s strongly recommended you use a good password manager, too, such as LastPass or 1Password. These sites can generate extremely complex, secure passwords that are unique to each site and service you use, while keeping them all protected behind one master password.
Two-factor authentication is also essential. Providing you maintain a decent level of sensibility and awareness, two-factor authentication should make any account with it activated virtually unhackable.
Connected accounts require a second, randomly generated password to be entered every time you login – these passwords change every 30 seconds and can only be accessed from within a mobile app installed on your smartphone. Google Authenticator and Authy are two popular and safe options.
If you’re unsure if you’ve been affected, enter your email into the website Have I Been Pwned to check if any of your accounts have been compromised. It will tell you whether any services or mailing lists you are subscribed to have had data breaches which could have exposed your information, as well as whether or not your email appears on any widely circulated public databases.