Security Market Segment LS
Friday, 17 July 2020 06:09

Privacy firm finds oceans of personal data for sale on the dark Web at knockdown prices Featured

Privacy firm finds oceans of personal data for sale on the dark Web at knockdown prices Image by Gerd Altmann from Pixabay

Genuine information about a vast number of people is available on the dark Web for very low prices, the firm PrivacyAffairs says, adding that given this availability it was easy to fake the identity of many individuals.

The firm, which styles itself as a source of data privacy and cyber security research, information, and advice, provided iTWire with a range of prices for various forms of identity and personal information that its researchers had found on the dark Web.

PrivacyAffairs researcher Miguel Gomez said in a detailed blog post that the reputation enjoyed by the dark Web — as a place where any kind of nefarious activity could take place — was more than justified.

"The privacy offered by software such as Tor (a browser that can be used to surf the dark Web) creates an environment where criminals can sell their wares without being worried about law enforcement," Gomez said.

"What’s more, many would have heard the horror stories of people’s bank accounts being cleaned out, or their identity stolen and turning up in custody in Mexico. Again, it is not unjustified horror."

The company has just four staff: Joe Robinson, the chief editor and cyber security expert; Gomez, the head of research and also a cyber security expert and analyst; Bogdan Patru, the research co-ordinator and Alex Popa, a news writer.

The PrivacyAffairs research turned up the following prices for different "products". Gomez said the search had been limited to products and services relating to personal data, counterfeit documents, and social media.

Credit card data

Cloned Mastercard with PIN US$15 (A$21)

Cloned American Express with PIN US$35

Cloned VISA with PIN US$25

Credit card details, account balance up to US$1000 US$12

Credit card details, account balance up to US$5000 US$20

Stolen online banking logins, minimum US$100 on account US$35

Stolen online banking logins, minimum US$2000 on account US$65

Walmart account with credit card attached US$10

Payment processing services

Stolen PayPal account details, minimum US$100 US$198.56

PayPal transfer from stolen account, US$1000 – US$3000 US$320.39

PayPal transfers from stolen account, US$3000+ US$155.94

Western Union transfer from stolen account, above US$1000 US$98.15

Forged documents US driving license, average quality US$70

US driving licence, high quality US$550

Auto insurance card US$70

AAA emergency road service membership card US$70

Wells Fargo bank statement US$25

Wells Fargo bank statement with transactions US$80

Rutgers State University student ID US$70

US, Canada, or Europe passport US$1500

Europe national ID card US$550

Social media

Hacked Facebook account US$74.5

Hacked Instagram account US$55.45

Hacked Twitter account US$49

Hacked Gmail account US$155.73

Instagram followers x 1000 US$7

Spotify followers x 1000 US$3

Twitch followers x 1000 US$6

Tik Tok followers x 1000 US$15

LinkedIn followers x 1000 US$10

LinkedIn company page followers x 1000 US$10

Pinterest followers x 1000 US$5

Soundcloud plays x 1000 US$1

Daily Motion views x 1000 US$2

Twitter retweets x 1000 US$25

Instagram likes x 1000 US$6


Global low-quality, slow speed, low success rate x 1000 US$70

Europe low-quality, slow speed, low success rate x 1000 US$300

US, CA, UK, AU low quality, slow speed, low success rate x 1000 US$800

Global medium quality, 70% success rate x 1000 US$80

Europe medium quality, 70% success rate x 1000 US$700

US only medium quality, 70% success rate x 1000 US$900+

US, CA, UK, AU medium quality, 70% success rate x 1000 US$1300

Europe fresh high-quality x 1000 US$2300

Europe aged high-quality x 1000 US$1400

US high-quality x 1000 US$1700

CA high-quality x 1000 US$1500

UK high-quality x 1000 US$2000

Android x 1000 US$600

Premium x 1000 US$6000

DDoS attacks

Unprotected website, 10-50k requests per second, 1 hour US$10

Unprotected website, 10-50k requests per second, 24 hours US$60

Unprotected website, 10-50k requests per second, 1 week US$400+

Unprotected website, 10-50k requests per second, 1 month US$800+

Premium protected website, 20-50k requests per second, multiple elite proxies, 24 hours US$200

Gomez said the forged documents on offer had a variety of guarantees and were available with any details chosen by the buyer. "With just a few pieces of real information about someone, a criminal could create a whole file of official documents to be used for all sorts of fraudulent activities. This one way in which an identity is stolen," he remarked.

When it came to counterfeit banknotes, these were extremely common, mainly in US$20 or US$50 denominations.

"We came across USD, EUR, GBP, CAD, AUD most often," Gomez commented. "Some come with a UV pen test guarantee. The 'quality' ones tend to cost around 30% of the banknote value."

He observed that offers to break into accounts or sell them were relatively scarce. "Perhaps [this is] due to a lack of demand for the product coupled with increased security practices," he noted. "Hackers trying to get the social media credentials from their victims mostly have to resort to using social engineering techniques, which have a very high effort input to relatively low success ratio.

"The extremely low cost for social engagement should seriously make you question an account’s validity before blindly trusting their wealth of social currency."

Gomez said for the average person, underground market data wasn’t necessarily going to provide much use as they were unlikely to be shopping around for stolen card data or PayPal accounts.

"Though this is true, the prices at which these items sell provide a powerful perspective," he added. "If someone gets their hands on your financial details or social media credentials, the prices mentioned above are basically what it’s worth to them. There’s a good chance that you value these things much more than they do, as to them you’re just another mark for a quick buck.

"For far less than the amount your data would sell for on the blackmarket, you can protect it from ever having to reach their hands with a couple of simple rules and habits. With this knowledge, there’s no excuse not to do what you can to protect your data."

He offered the following tips for people to avoid identity fraud:

  • "When answering your phone, make sure to never give sensitive information (such as your social security number, your debit card number, passwords) to anyone regardless of whether this is a requirement for some process. If it’s that important, do it in person.
  • "Whenever you visit an ATM, check the card reader doesn’t have a skimmer. Skimmers read a card before it’s inserted into an ATM, providing a criminal with a clone of your card’s magnetic strip. This is enough to recreate your card from a 'blank'. Press around the sides of the card port and see if anything feels loose. Skimmers are often made to imitate the material around the ports, but they’re delicately mounted so they’ll move when pressed with a small amount of pressure. Check for glue around the edges or tape. If you see any glue material, stay away from that ATM and call the bank. Similarly, if you have difficulty putting your card into the machine, stop trying and stay away from it.
  • "Check an ATM’s keypad by slightly lifting around its edges. Fake keypads are sometimes placed over the legitimate one to record your PIN number. They’re often very loosely mounted. If it jiggles around a bit or if you notice the keypad is off-center, you should avoid using it.
  • "Check often for malware on your computer to ensure that your data isn’t being recorded as you input it. Use anti-malware tool such as AVG, and make sure it’s set to automatically update.
  • "Avoid public or unsecured Wi-Fi. If you must log into an account on a network you don’t 100% trust, use a virtual private network to encrypt all communications. Even bank websites can be forged to be almost undetectable if an attacker has administrative access to the network you’re using.
  • "Delete accounts you don’t think you’ll use anymore. Old accounts can be compromised and this leads to problems in the future. However, this is only really an issue if you use the same password for multiple accounts.
  • "Never use the same password for multiple accounts. This is the easiest way for an attacker to gain access. When a major list of account details is dumped on the dark web, your account details can be checked against other services such as email or banking, and you really don’t want them to have the same password.
  • "Use a password manager such as LastPass or Keepass (both free) and you’ll always have super strong security for all your accounts but only need to remember one master password."
Read 3615 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News