Ever wondered how much your life might be worth? If we're talking about the digital world then the answer might be, 'not very much.'
Cybercriminals could sell your complete digital life, including social media accounts, banking details, app data, gaming accounts, and even remote access to servers or desktops, for as little as $50.
A new study from Kaspersky Lab has studied dark web markets to determine how much money cybercriminals can make by selling consumers' personal data online.
It finds that for under $50, criminals can sell a person's complete digital life on the dark web, including data from breached social media accounts; banking details; remote access to servers or desktops; data from popular services like Uber, Netflix, and Spotify; and accounts for gaming websites, dating apps and porn websites, which might include credit card information.
The price paid for a single breached account is even lower, with logins for things like gaming and social media platforms selling for about $1 each, eCommerce logins go for around $10 and server accounts for rather more. There's increasing evidence of market forces at work too, with criminals offering discounts for buying in bulk. Interestingly, some criminals are so confident selling data they provide their buyers with a 'lifetime warranty,' so if an account they have purchased stops working, the buyer will receive a new account for free.
The most common way the data is obtained is through spear-phishing campaigns or by exploiting security vulnerabilities in a web application's software. After a successful attack, the criminal will obtain a password dump, containing a combination of email addresses and passwords for the hacked service. With many people using the same password for several accounts, attackers may then be able to use this information to access accounts on other platforms.
"It is clear that data hacking is a major threat to us all at both an individual and societal level, because stolen data can be used for many nefarious activities," says David Jacoby, senior security researcher at Kaspersky Lab. "Fortunately, there are steps that we can take to prevent this, such as using cybersecurity software and being aware of how much data we are giving away for free -- particularly on publicly available social media profiles."
You can read more about the research on the SecureList blog.