Cyber-criminals could sell someone’s complete digital life – including social media accounts, banking details, app data, gaming accounts and even remote access to servers or desktops – for less than $50 on the dark web, according to a new study from Kaspersky Lab.
The research is based on an investigation of dark web markets, revealing that the price paid for a single breached account is even lower – at about $1 each. Many criminals sell accounts in bulk and some even offer a “lifetime warranty,” so if an account a buyer has purchased stops working, they receive a new one for free.
Although the resale value of stolen data is low, cyber-criminals can still use it in many ways, from stealing money to committing crimes under the disguise of someone else’s identity.
What started as an inquiry into how much our lives are worth, David Jacoby, senior security researcher at Kaspersky Lab, set out to understand the dollar value placed on our stolen data. Jacoby not only considered our personal possessions but also factored in the private information we share on social media, our medical history and even aspects of our childhood. The research found that our identities can be stolen for mere pittance.
In largely rudimentary but effective attacks, hackers are stealing data from popular services like Uber, Netflix and Spotify.
In one dark web forum, Jacoby found a Swedish passport for sale to the tune of $4000, and the vendor was reportedly offering up passports for almost every country in Europe. Even utility bills and fake invoices were up for grabs.
“It is clear that data hacking is a major threat to us all at both an individual and societal level, because stolen data can be used for many nefarious activities,” said Jacoby in a press release.
“Fortunately, there are steps that we can take to prevent this, such as using cybersecurity software and being aware of how much data we are giving away for free – particularly on publicly available social media profiles.”