What's Your Digital Data Worth?

Your complete digital life, including data from your social media accounts, banking and credit card details, can be sold by cyber criminals for less than $50.

Researchers at Kaspersky Lab, a leading cybersecurity company in Russia, found that while our identity may not be worth a lot in terms of dollars, it is a significant asset to criminals in other ways. The research uncovered an appetite among cybercriminals for data stolen from popular services, including via social media accounts and remote access to gaming websites. 

User confusion about what their data is worth could result in a haphazard approach to security, making it all too easy for thieves to steal data and commit crime.

Data stolen due to people's lax security may have limited resale value, but can be put to many uses.
This can cause huge problems for an individual victim, who may lose money and their reputation, find themselves being chased for debt that somebody else has incurred in their name, or even suspected of a crime that somebody else has committed using their identity as a cover. 

Kaspersky Lab investigated Dark Web markets to find out how much personal data is worth, and how it is used by criminals.
The dark web, also referred to as the darknet, is an encrypted portion of the internet that is not indexed by search engines. These networks use the internet but require specific software, configurations, or authorisation to access. 

The researchers found that criminals can sell someone's complete digital life for less than $50; including data from stolen social media accounts, banking details, remote access to servers or desktops, and even data from popular services like Uber, Netflix, and Spotify, as well as gaming websites, dating apps, and porn websites which might store credit card information.
Meanwhile, researchers found that the price paid for a single hacked account is lower, with most selling for about USD 1 per account, and with criminals offering up discounts for bulk-buying. 

The most common way criminals steal this sort of data in the first place is via spear phishing campaigns or by exploiting a web related security vulnerability in an application's software.

After a successful attack, the criminal gets password dumps which contain a combination of emails and passwords for the hacked services. With many people using the same password for several accounts, attackers might be able to use this information to access accounts on other platforms too.

Some criminals selling data even provide their buyers with a lifetime warranty, so if one account stops working, the buyer will receive a new account for free.

"It is clear that data hacking is a major threat to us all, and this applies at both an individual and societal level, because stolen data funds many social evils," said David Jacoby, Senior Security Researcher at Kaspersky Lab. 

"Fortunately, there are steps we can take to prevent it, including by using cybersecurity software, and being aware of how much data we are giving away for free, particularly on publicly available social media profiles, or to organisations," said Jacoby.

People can avoid such risks by taking several easy security steps, which should become an integral part of any Internet user's digital life. 

To stay safe from phishing, always check that the link address and the sender's email are genuine before clicking anything. A robust security solution will also warn you if you attempt to visit a phishing web page. 

To avoid one data leak harming all your digital identities, never use the same password for several websites or services, researchers said.

Economic Times

You Might Also Read:

Buy A Dark Web Passport Scan For $15:

« Are Bank-backed Cryptocurrencies The Real Future Of Blockchain?
Hackers Are Targeting Young Video Gamers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Axur

Axur

Discover and eliminate digital fraud and risks on the web. Utilize Axur’s entire AI potential, along with thousands of bots dispersed throughout the surface web as well as the deep and dark web.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Synagex

Synagex

Synagex Modern IT is a simple IT and cybersecurity solution for businesses.