Last year, I took the stage at South by Southwest and walked audience members through a live demonstration of dark web marketplaces in a session called “Digital Identities: Modern Underground Currencies.” We kicked off with a game of “Price (of Pii) is Right,” where I gave the audience an opportunity to guess how much personally identifiable information was selling for across the dark web. As I revealed the answers, the feeling of shock was palpable.
Credentials for an Uber account? That will set you back $1.49. 20k Avios air miles? A mere $10.
The reality is, many high value accounts are selling for cheap across the dark web. Just this past week, a company called LogDog released a report that revealed just how inexpensive these credentials are being sold for:
- Email accounts like Gmail and Yahoo:Around $1 (70 cents to $1.20)
- Amazon accounts:Around $1 (though this ranges from 70 cents up to $6, depending on the account balance and country)
- Uber accounts:$1-$2
- Netflix accounts:$1-$2
- Social Security numbers:About $1
While you may not feel especially threatened by the idea of someone using your Netflix account to stream movies, the real danger here is due to password reuse. Sixty-one percent of people admit to reusing the same password across multiple websites, and hackers have caught on. So while you may not mind if a hacker accesses one of your perceived lower value accounts, they are more than likely to use those same login credentials on your bank website, or to access your medical insurance.
It’s imperative that consumers create long, strong and unique passwords across their accounts, as hacks show no sign of slowing and cyber criminals are younger and less sophisticated than ever. If you’re interested in the creation and evolution of hacker identities, be sure to stay tuned to the blog next week for information on how to help my session make the stage at SXSW 2017.