Threat Intelligence

How much hackers ask for your personal data in 2021

July 16, 2021 by Miklos Zoltan

2020 was quite rich in data breaches. It could be partly related to an increased usage of hacker groups as a weapon by autocratic nations; however, the main motive of many of these breaches was profit.

Hackers targeted major companies and governmental agencies, such as NASA, Lockheed Martin, Colonial Pipeline, Microsoft, T-Mobile and McDonald’s, as well as cybersecurity companies, such as FireEye and SolarWinds. They also stole personal data like banking cards, logins, passwords, IDs and more — from wherever they can get them.

Selling data on the dark web

This information is often obtained directly from your devices through activities, such as phishing, visiting a malicious website or installing a malicious app, or through data leaks from a service provider, such as a car dealer, utility provider or online store. Once hackers gather a large enough database, they put it on sale via various dark web marketplaces.

The price varies depending on the quality of data, the supply and how difficult it is to obtain.

Some dark web vendors accumulate more than a thousand sales in just a year with hundreds of positive reviews. As the supply grows, dark web marketplaces start to obtain a reputation and even mimic traditional marketing techniques such as “buy two and get 1 for free.”

Most payments are made in Monero instead of Bitcoin, and all communications go through PGP encryption.

Here is a sample index of average prices for different dark web products from Privacy Affairs.

Bank cards, social media and other services’ accounts

Banking information

  • Stolen credit cards and banking logins cost $25-$40
  • Bank account logins or cards with a balance of $1,000-$5,000 cost $150-$240 (The price also depends on the origin country. For example, Israel’s banking card details cost around $65, mainly due to lower supply.)
  • The price for stolen crypto accounts is usually higher — $300-$800.

Social media, email and other accounts

  • For hacked social media accounts, sellers ask around $35-$65
  • Email accounts cost more — up to $80
  • Various databases with thousands to millions of email addresses cost only $10
  • A private dentists’ database costs $50, and the U.S. voter database is $100
  • The price for a thousand followers, likes or shares varies between $5 and $25
  • Credentials for services such as Uber or Netflix sell for around $5-$50
  • An eBay account with a high reputation might reach $1,000
  • Adobe Creative Cloud accounts sell for about $160

Scans of documents and physical copies

  • Scanned copies of driver’s licenses of different states cost $20-$80
  • Check and utility bill templates cost $15-$40
  • Selfie with ID and foreign passports cost $100
  • For a physical forged national ID, hackers ask on average $150, but in some cases, up to $500
  • Passports cost more $4,000-$6,500

Malware and DDOS attacks

Prices for access to malware-installed computers vary by quality, speed, success rate and region. 

  • A thousand installs of slow low-quality malware dispersed globally cost $50. In Europe, they sell for $320. In the Anglosphere nations, they sell for $900.
  • Medium quality malware installs with a 70% success rate sell for $80, $500 and $1,400 across those same locations. 
  • High-quality malware installs sell in the range of $1,200 and $2,500, depending on region and age. The special premium option costs $5,000, and Android installs cost $900.

DDOS attack categories range in the duration of an attack and the protection of the targeted site. For an unprotected website, an attack with 10,000 to 50,000 requests per second costs:

  • $15 for one hour
  • $50 for 24 hours
  • $500 for one week
  • $1,000 for one month

A 24-hour attack for a premium protected website using multiple elite proxies costs $200.

Additional dark web information

For more information on the dark web, explore different hacking communities selling services.

You can also read about when Infosec bought and dissected a phishing kit, or watch the full video presentation below, Cybercrime at scale: Dissecting a dark web phishing kit, featuring Infosec Security Engineer Cameron Bulanda and Solution Engineer Kevin Angeley.

Cybercrime at scale: Dissecting a dark web phishing kit

Posted: July 16, 2021
Miklos Zoltan
View Profile

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography. Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and “geeky” topics into easy-to-understand guides and tutorials.