A look into the pricing of stolen identities for sale on dark web

January 22, 2021

After a data breach, much of that stolen personal and sometimes highly personally identifiable information (PII) is sold on markets residing within the dark web. But, how much does the sale of stolen information work, exactly, and how much money are criminals making from stolen data?

Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to cybercriminals.

Here are some key findings:

Americans have the cheapest "fullz" (full credentials e.g. SSN, name, DOB etc), averaging $8 per record. Japan and the UAE have the most expensive identities at an average of $25. Not all fullz are the same. While SSN, name, and DOB are all fairly standard in fullz, other information can be included or excluded and thereby change the price. Fullz that come with a driver’s license number, bank account statement, or utility bill will be worth more than those without, for example. Some fullz even include photos or scans of identification cards, such as a passport or driver’s license.
Prices for stolen credit cards range widely from $0.11 to $986. Hacked PayPal accounts range from $5 to $1,767.
The median credit limit on a stolen credit card is 24 times the price of the card.
The median account balance of a hacked PayPal account is 32 times the price on the dark web.

Credit cards, Paypal accounts, and fullz are the most popular types of stolen information traded on the dark web, but they’re far from the only data worth stealing, says Comparitech. Other types of stolen information usually for sale are: passports, driver’s licenses, frequent flyer miles, streaming accounts, dating profiles, social media accounts, bank accounts, and debit cards.

This data - most often stolen through phishing, credential stuffing, data breaches, and card skimmers - is bought and sold on dark web marketplaces. Here’s a few tips for avoiding those attacks, from Comparitech researchers:

There’s not much an end user can do about data breaches except to register fewer accounts and minimize your digital footprint.
Keep an eye out for card skimmers at points of sale, particularly unmanned ones such as those at gas stations.
Learn how to spot and avoid phishing emails and other messages.
Credential stuffing can be avoided by using strong, unique passwords on all of your accounts.

For the full blog, please visit https://www.comparitech.com/blog/vpn-privacy/dark-web-prices/

In today's world of growing dependence on digital landscape expansion, companies are becoming more reliant upon cloud-based security services that protect both the company and customers they service.

Join a fast-paced webinar on October 7 when 3xLOGIC’s experts discuss the many advantages of cloud surveillance. Learn why end users are demanding cloud solutions, and how this can empower business owners to view, manage, and share video from anywhere, at any time, on any device.

Poll

Which metric comparing peer organizations to yours would be most beneficial for your security program?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

A look into the pricing of stolen identities for sale on dark web

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

A look into the pricing of stolen identities for sale on dark web

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.