How Stealing, Selling Personal Data Has Become a Lucrative Business | eWeek

How Hackers Make Big Bucks Stealing, Selling Personal Information

1088_HackerBucks
Aug 10, 2017
4 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


How Hackers Make Big Bucks Stealing, Selling Personal Information

How Hackers Make Big Bucks Stealing, Selling Personal Information

Personal information was stolen 30 times a minute in 2016. While people are becoming more aware that failing to properly password-protect access to sensitive digital materials can have severe consequences, many are still in the dark. The damage of having one’s identity stolen or having financial or health records purloined can take months or years to repair. On average, hackers make $40.75 per hour. Working 40 hours each week, that’s nearly $85,000 tax-free per year. These data purchases by hackers happen in the dark web. In this eWEEK slide show, password manager and secure digital vault provider


 Keeper Security

 explains how hackers make their money and how much stolen data is worth.


What Is the Dark Web?

What Is the Dark Web?

Accessed only by using special software that hides the identity of visitors, the dark web is a vast marketplace for anything and everything illegal. Much of it looks very familiar, like any other e-commerce site. Sellers often have ratings given by previous buyers, and you can even purchase software to set up your own hacking business.


Why Hackers Love Ransomware

Why Hackers Love Ransomware

Since 2010, it’s been estimated that hackers have stolen more than $107 billion, with $16 billion of that being in 2016 alone. The rise of ransomware has been a major factor in the level of funds that have been stolen. This is because 70 percent of ransomware victims pay to unlock their device, and this payment can average more than $1,000 (up 266 percent from 2015).


Advertisement

Email Addresses and Passwords

Email Addresses and Passwords

Email addresses provide hackers with a wide variety of opportunities. If criminals obtain access to this information, they can conduct a full email account takeover and push a targeted phishing campaign to the user’s contact list. Although emails are normally connected to other, more valuable accounts, these attacks can be easily discovered and can also be shut down quickly. As such, email addresses and passwords run between 70 cents to $2.30 per credential.


Credit Cards

Credit Cards

As when buying anything else online, when purchasing stolen credit cards on the dark web, hackers can specify the type of card (Amex, Visa, etc.); the CVVs, or three-digit code on the backs of cards; whether you want associated login and password information; names; expiration dates; credit scores; Social Security numbers; mother’s maiden name; credit limits; date of birth; specific geographies of usage; and so on. The cost varies with the information the buyer wants but averages between $8 to $22 per card. Criminals can click “buy now,” download the stolen goods, and off they go.         


PayPal Credentials

PayPal Credentials

Increasingly, hackers are targeting password-protected online payment service accounts. Unlike with credit cards where the cost per card is determined by the different factors the buyer selects, the cost of this stolen data is related largely to the balances in the online accounts. Average PayPal credentials can cost hackers $1.50 per login, and, as you might expect, the price for bank login credentials is another matter. They can be had for as little as $100 for access to accounts with $2,000 or less. Or they can cost upward of $1,000 for access to accounts with $15,000 or more.


Complete Medical Records

Complete Medical Records

Compared with bank and credit card details, medical records have more permanent information. These contain highly sensitive material about an individual’s health history. As such, they can be used to blackmail individuals; to publicly humiliate certain people; to undertake massive insurance fraud with fake claims; and to create many other forms of chaos and harm to victims. Like other stolen digital data, the cost of health records is subject to the same supply-demand dynamics as any other traded goods. In fact, a stolen electronic medical record can fetch as little as $100 and up to $1,000 on the dark web.


Advertisement

Driver’s Licenses

Driver’s Licenses

A lost driver’s license may not appear to be dangerous. But what people might not understand is that a license number is unique and similar to a passport number. These documents come with access to birthdays, addresses and personal characteristics, and they can fetch $20 on the dark web.


Social Security Numbers

Social Security Numbers

While most consumers worry that Social Security numbers are the holy grail, this information is readily available to cyber-criminals and, as such, only cost $1 on the black market. This is because they can only be used in the United States, and while they offer access to the majority of a person’s information, they are not globally acceptable to hackers.


Spotify, Netflix and Hulu Accounts

Spotify, Netflix and Hulu Accounts

Social media profiles are normally free accounts and do not have any payment information associated. Streaming services, on the other hand, require a monthly fee. When stolen, this gives criminals potential access to credit card or banking information. Spotify and Hulu accounts run on average $2.75, while Netflix login details can reach up to $3.


Why This Will Continue to Happen

Why This Will Continue to Happen

Incentives for stealing this data and then selling it to the highest bidders will remain in place for the foreseeable future. Perhaps the single best defense for individuals seeking to protect these assets remains high-quality, virtually bullet-proof passwords, and the right security “hygiene” to stop the hackers cold.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.