Skip to main content

Your personal data is for sale on the dark web. Here’s how much it costs

Ever wondered how much your personal data could be sold for on the dark web? A recently published report from online privacy and cybersecurity resource VPNOverview seems to answer that question (and others) in depth.

Titled “In the Dark,” the report offers detailed price breakdowns of different kinds of stolen personal information, including financial accounts and cards, social media accounts, bank details, phone numbers, credit histories, passports, drivers licenses, and even access to breached databases. The report also mentions certain websites on the dark web that act as marketplaces for stolen personal information, such as Financial Oasis and PayPal Cent.

Related Videos

For personal information related to financial accounts and cards, the report offers a list of different kinds of example accounts and cards (PayPal, Cashapp, Amazon gift cards), pairs them with certain values (usually the current balances of these accounts) and then provides the price at which a hacker would sell this information. For example, personal information for a PayPal account valued at $12,000 would then be sold for $1,200. And surprisingly, bank cards valued within a range of $800 to$1,000 would only be sold for $79.

The report also notes how much it would cost to gain access to a person’s social media accounts, personal information (which apparently includes names, addresses, credit histories, and phone numbers), and bank details. To gain access to someone’s social media accounts, VPNOverview asserts that someone can purchase that access “for as cheap as $12.99.” A victim’s personal information can be sold at a price ranging from $40 to $200. And bank details have a price range of $50 to $200. And we haven’t gotten to the insane stuff yet.

VPNOverview’s report also includes price breakdowns for what appears to be forged passports, drivers licenses, and ID cards for 19 countries. The forged documents are a “combination of accurate personal information and a convincing forgery.” For example, according to the report, a forged U.S. passport would cost $777, and a passport plus a driver’s license would cost $888. Similarly, a U.S. passport and an ID card would also cost $888. But a combination of all three documents (a passport, ID card, and a driver’s license) would cost $999.

But the report’s investigation didn’t stop there. The most interesting tidbit was left for close to the end of the report and involved something on everyone’s minds lately: Data breaches. Apparently hackers can also sell access to the breached databases of various companies. And the report actually lists a few companies with breached databases, the costs for access to these databases, and the number of records a person would have access to once they purchased that access. For example, according to the report, the entertainment app Dubsmash had a data breach and access to Dubsmash’s breached database costs $4,995. And that price gets you access to 15,500,000 records. Other companies with breached databases up for sale include Armor Games, MyFitnessPal, and MyHeritage.

In an emailed statement sent to Digital Trends, comments from VPNOverview’s cybersecurity analyst, David Jansen, shed a little light on why VPNOverview researched all this in the first place.

“We conducted this research into the dark web to raise awareness of the dangers of identity theft and to help educate the public on the serious risks surrounding your digital security and online identity,” Jansen explained. “Our findings show that thieves and hackers could easily gain access to your most important accounts and spill your information on the dark web, where it is sold for next to nothing and used for all sorts of malicious purposes. The large-scale availability of stolen and counterfeit passports, driver’s licenses, and online accounts leaves us all vulnerable to identity fraud and cybercrime.”

Editors' Recommendations

Hackers just stole LastPass data, but your passwords are safe
A physical lock placed on a keyboard to represent a locked keyboard.

The developers behind password management software LastPass have just shared some concerning news: Bad actors were recently able to access “elements of our customers’ information” in a recent security breach.

It’s the second time in just a couple of months that LastPass has suffered a security incident, and it appears the two events are directly linked. That’s because LastPass’s developers say that the unauthorized party was able to access customer data “using information obtained in the August 2022 incident.”

Read more
This free service just hit a huge website security milestone
global internet usage one zettabyte computer server room information cloud web net

One of the most important security features that protect your personal data as you browse and interact with various websites is enabled by a free service from a company called Let's Encrypt. As the name implies, this involves encrypting data to make it more difficult for your information to be intercepted in a readable form.
Website encryption is incredibly important on shopping websites since you usually need to fill out a form with your email address, shipping address, and phone number in order to get updates on the order status and receive the items you've ordered. Even more sensitive than your contact information and address, your payment information is needed to pay for that awesome, new tech, kitchen gadget, or toy.

In the early internet, encryption wasn't as common as it is today, and Let's Encrypt has played a huge role in making website security universal across the World Wide Web. Starting in 2015, Let's Encrypt took steps to ease the burden of encryption which came at a significant cost that was prohibitive for small businesses compared to the relative ease of creating a website today. Beyond the expense of ordering a Secure Sockets Layer certificate (SSL), which could cost hundreds of dollars each year, it wasn't easy to install this technology on a website. That meant most small websites were not encrypted.

Read more
Major tax services are sending your data to Meta and Google
fake irs emails are delivering dangerous new malware this tax season 1040 form being filled out

A new report claims that Meta's tracking Pixel has been used to collect your financial information when using popular tax filing services to send in your return. This is disturbing news for taxpayers that likely assumed these online tax services were keeping such information locked up securely.

The types of data collected vary but are said to possibly include your filing status, adjusted gross income (rounded to the nearest thousand), and the amount of your refund (rounded to the nearest hundred). This information would be quite useful in targeting advertising to those with disposable income and help determine which people to target when tax refunds arrive. As if this wasn't bad enough, your name, phone number, and the names of dependents such as your children are being obfusticated then sent to Meta by some tax filing services. According to the report by The Markup the obfustication is reversible.

Read more