A Kaspersky report says criminals are selling a single person’s entire digital identity on the dark web for under $50, with some of them using sales techniques not unlike your average high street retailer.
The Secure List study said that a $50 digital identity package would typically include stolen data from popular services including breached social media profiles, banking details, remote access to desktops, gaming website accounts, dating apps, porn sites, and data from popular services such as Uber, Netflix, and Spotify.
Researchers found the price paid for a single breached account can be as low as $1 each, with criminals offering discounts for buying in bulk or even a “lifetime warranty” so that if an account stops working they’ll be offered a new one for free.
The Kaspersky report said that due to there being so many breached accounts in circulation, dark web market prices have dropped
The price of a stolen medical record, for example, was between $70 and $100 each in 2016, but their prices slipped due to there being so many in circulation, according to Dark Web News.
Stolen medical info have a higher demand on the dark web and can be worth ten times more than credit card numbers, according to Jean-Frederic Karcher, head of security at Maintel.
“Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers,” he said, as quoted by The Independent.
In comparison, something like stolen PayPal credentials or Netflix subscriptions can go for as little as 50 cents.
David Jacoby, senior security researcher at Kaspersky Lab, said data from popular services is the most popular type of data being sold in the black market.
“When investigating hacked accounts from popular services it’s almost impossible to compile valid data because there are so many black-market vendors selling this stuff. It is also difficult to verify the uniqueness of the data being sold,” he said in a blog post.
“Most people aged between 15 and 35 have registered for over 20 different online services and maybe use only about 10 on a regular basis, making it easier for hackers to go unnoticed and make their money.”
Criminals commonly steal digital identity data through spear-phising or by exploiting vulnerabilities in a web application’s software and obtaining a password dump, Jacoby added.
Kaspersky Report: PayPal Account Worth as Little as 50c
Despite the resale value of personal data being relatively low, criminals still have an appetite for it and put it to use, the firm said, causing problems for the victim.
“Individuals whose data has been stolen could lose money, face a damaged reputation, be held liable for debt that somebody else incurred in their name, or even be accused of a crime that somebody else has committed using their identity as a cover,” the firm said.
And the increasing number of connected devices available to and owned by the consumer is making it all the more easy for the cyber criminals, it added.
Kasperky also said this week that more than half of Europeans don’t know the value of their personal data.
From a study involving more than 7,000 consumers from European nations, 59 percent acknowledged that companies can make money by selling personal data, while 50 percent didn’t know how much their data is worth to those companies – or criminals.