The Latest in PII Values on the Dark Web

By | April 17th, 2017|The Dark Web|

CSIDEvery day, cyber criminals of varying skill levels and capabilities buy and sell stolen consumer and business credentials on the dark web. While once perceived to be an inaccessible, mysterious place, the dark web of today is very much within reach. Less technical, younger individuals can access the dark web and participate in underground commerce with just a few clicks.

The dark web now resembles, in many ways, any other commercialized online marketplace. There are banner ads, social media pages, and even user-friendly YouTube tutorials to help guide criminals in their pursuits. Without much effort or technical skill, cyber criminals can access personally identifiable information (PII), popular user accounts, and malware kits to more easily orchestrate attacks.

I’ve enjoyed the opportunity to shed light on these underground marketplaces at conferences like South by Southwest. One exercise I like to run through with attendees is to have them guess the going rate for different pieces of PII. It often shocks people that even high-value information and accounts are selling for cheap across the dark web. For instance, Social Security numbers, email accounts like Gmail and Yahoo, Uber accounts and Netflix accounts being sold on the dark web for around $1.

While it is a somewhat scary reality, consumers and businesses can take steps to significantly reduce the risk that their information ends up on the dark web. By creating long, strong, and unique passwords across accounts, taking advantage of software updates as they are available across all devices, and enlisting the help of a third-party monitoring service, consumers and businesses can stay one step ahead of these growing threats.

Does the price of PII surprise you? Join the conversation on Facebook, Twitter, or LinkedIn.


Here’s the Going Rate for Your Accounts on the Dark Web

By | August 4th, 2016|The Dark Web|

CSIDLast year, I took the stage at South by Southwest and walked audience members through a live demonstration of dark web marketplaces in a session called “Digital Identities: Modern Underground Currencies.” We kicked off with a game of “Price (of Pii) is Right,” where I gave the audience an opportunity to guess how much personally identifiable information was selling for across the dark web. As I revealed the answers, the feeling of shock was palpable.

Credentials for an Uber account? That will set you back $1.49. 20k Avios air miles? A mere $10.

The reality is, many high value accounts are selling for cheap across the dark web. Just this past week, a company called LogDog released a report that revealed just how inexpensive these credentials are being sold for:

  • Email accounts like Gmail and Yahoo:Around $1 (70 cents to $1.20)
  • Amazon accounts:Around $1 (though this ranges from 70 cents up to $6, depending on the account balance and country)
  • Uber accounts:$1-$2
  • Netflix accounts:$1-$2
  • Social Security numbers:About $1

While you may not feel especially threatened by the idea of someone using your Netflix account to stream movies, the real danger here is due to password reuse. Sixty-one percent of people admit to reusing the same password across multiple websites, and hackers have caught on. So while you may not mind if a hacker accesses one of your perceived lower value accounts, they are more than likely to use those same login credentials on your bank website, or to access your medical insurance.

It’s imperative that consumers create long, strong and unique passwords across their accounts, as hacks show no sign of slowing and cyber criminals are younger and less sophisticated than ever. If you’re interested in the creation and evolution of hacker identities, be sure to stay tuned to the blog next week for information on how to help my session make the stage at SXSW 2017.

Do these prices surprise you? We’d love to hear what you think. Join in the conversation on FacebookTwitter or LinkedIn.

Load More Posts