The other day I came across the Dark Web Market Price Index. This is a monthly updated list showing what people are paying on the ‘dark web’ (Dream, Point and Wall Street Market, all of which require the Tor browser) for your log-in details to various websites.
The list of prices is huge. At the top end, Paypal log-in details sell for an average of £280 – that number is driven by a % of the credit balance held in the accounts put up for sale.
At the bottom end, your ASOS log-in details are worth £1.50. Data like this is primarily useful for helping with ID fraud as part of a broader scam and would not necessarily be used to make fraudulent ASOS purchases.
In the travel category, Avios / BA accounts are the clear winner at £6.73 per set of account details.
They would be worth more, but there is clearly a big risk in using a hacked Avios account to book a flight for a future date. Much of the fraud I hear about is via Avios hotel redemptions. A fraudster can book and check-in (and hopefully check-out) before you even noticed your points were gone. I imagine that fraudulent redemption of wine or other goods, sent to ‘safe’ addresses, is also popular.
The image below, click to enlarge, explains a bit more about how the dark web works:
Airbnb and Uber accounts are also worth £5+. The value of a hacked Uber account, given it can be used globally, is obvious. Whilst you can easily block your account any fraudster timing it right (eg taking rides in the early hours of the morning when the UK account holder is likely to be asleep) can easily get more than £5 of value before the plug is pulled.
Airbnb is more interesting. Hacking into the account of a host allows you to change their banking details and have stay money sent elsewhere. Hacking into the account of highly rated guests allows you to book high-end properties without suspicion and then burgle them.
Even Facebook accounts with no financial information sell for an average of £3.74 because the treasure trove of personal data you leave there is enough for many forms of identify theft. (How many of the security questions on your online banking account could be answered by someone who also had access to your Facebook account? HSBC tends to ask me: Your child’s middle name? The town where you went to school? Where did you live in the year 2000?)
(Want to earn more Avios? Click here to visit our home page for the latest articles on earning and spending your Avios points and click here to see how to earn more Avios from current offers and promotions.)