Here is what your stolen data is being sold for on the dark web
Data breaches are everywhere as we are witnessing a spurt in cyber attacks world over. Have you wondered where do all those credit card numbers/medical information/email ids land up? Remember everything online has value and will end up being sold to somebody who is the higher bidder. Whether you are a globally dominant Internet retailer or just a one shop pizza joint, what is of value and is easily marketable is all the PII, PHI, and credit card data they you have on file for your customers or employees. All the stolen data lands up on underground forums hosted on the dark web. Here are the details about how much money your data is able to command on the underground forums.
Credit/Debit card details
A hacker gets around $5 per record for basic account number and expiration date details, which is nothing when you think some of the hacks that have got hundreds of thousands of these records. More comprehensive information can go for $30 per US record, in cases where the data would be expected to be stored in databases for repeat customers, including billing address, CVV2, SSN, etc. Further, the equivalent information can go up to $45 for European details. Even a sole proprietorship that only does business in a 5 mile radius possibly has enough credit card numbers on file to be worth the effort.
Depending on the balance, details on customers’ PayPal (and similar) accounts can go from a low of $50 to as high as $300 per record. That’s mainly scary, as PayPal usually ties to a checking or savings account.
Gift cards are going from between 50 to 65% of their nominal value whether stolen directly or created deceitfully. For individuals, this is basically bad whose gift cards are targeted, as they lose out totally since there is usually nothing they can do to get the monetary value back.
Do you wonder that RFID case is a silly treat? Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. For instance, an attacker can just walk through an airport with a scanner in their bag, long before they would need to clear security, and that they can sell scanned data at up to $2 per record. As a result, it would be better if we can protect all our cards.
Plane or train tickets can go for $10 of face value, and can be easily replicated from online images. Be careful before you Instagram the tickets to your dream vacation, or you could be facing a nightmare!
Hotel loyalty programs
Loyalty programs of well-known hotel chains’ can go for as little as $5 per record to as much as $20 per record. Since you make reservations for others or can gift points, and no one ever reads those monthly points statements too carefully, somebody could easily see the world using someone else’s programs and they wouldn’t come to know about it until it’s time to book their own vacation.
Email ids and passwords
The market for compromised email accounts has dropped. While back in 2007, a hacker could get up to $30 for a single email account, it is like $10 for 1000, on the high end today. Since it is very easy to make people click on the links that install malware on their systems, which can be used to spam others, it makes no sense in getting creds to use the accounts directly.
It is a bad idea to use a lame password on your WoW account, as a stolen gaming account can go for $10 to $15. Once inside, accounts are basically burgled and the virtual goods are sold for profit, leaving your level 27 Ogre bankrupt and out on the virtual street.
Cloud accounts for IaaS
Attackers are leveraging cloud resources to launch attacks, host malware, stand up servers, and get access to more data stored online. On any IaaS service, an admin account could go for $7 to $8 per record. It is strongly recommended to use multi-factor authentication (MFA) for admin accounts. In this space, every single service provides MFA as an option!
HBO GO accounts
Accounts for the popular private cable channel’s streaming service can go for around $10. However, it is guessed that the price could have doubled now since the Game of Thrones Season 6 has debuted!
Sports network streaming service accounts
Accounts used to get access to online streaming of sporting events can go for around $15 per record, depending on the sport, as nobody likes blackouts in their local market.
So, where do the bad guys sell all of this information? There are countless options available to them, from the “Dark Web” to direct handovers to bigger or more organized criminal components. It’s comparatively easy to do this in places like Russia, China, and Brazil, you could perhaps find a place very easily where you can connect anonymously to sell what the information you have got, if you are online and using a service like Tor. While some require a referral from a trusted member, others just need a definite number of stolen accounts be “paid” immediately as the cost of admission.
Nevertheless, if you see that your company’s data has definite value on the black market, it means that you are a target, just like everyone else.