What’s your data worth on the dark web?

What’s your data worth to cybercriminals who can freely buy, trade and steal it from the dark web? The answer may surprise you.

First a dark web tutorial. The Dark Web is the same as the internet. It is easily accessible to criminals and others in the know. It is a marketplace for hire-a-hitman; drugs; child porn; slavery; terrorism; and just about every perverted, demented, dystopian and down-right illegal activity you can imagine.

And it hosts profiles on you. Those profiles start from data breaches at reputable companies, trading data acquired through fake websites, SMS and phone scams. The profile starts with the basics – name, address, phone number (and type/location/IP address etc). Then it adds digital breadcrumbs – seemingly innocuous pieces of data that fall from multiple sources. Ultimately that profile can contain gigabytes of data.

Bots crawl the web adding your Facebook details; pet’s name; mother’s maiden name; birthday; friends name; where you eat; what you like; where you work; and probable passwords to squirrel it away in your dark web profile.

A highly sophisticated AI interrogates the data to assess your risk category. For example, if it finds the profile contains two of the three essential pieces of data (the puzzle) – driver’s licence and social security number (or similar) it extracts that and farms it to cybercriminals to acquire the remaining pieces for Identity Theft or fraud.

What’s your data worth?

Privacy Affairs has an update to its ground-breaking 2019 study. It concluded that the sales volume was way up – more than 9,000 dark web vendors selling personal data. The focus in 2021-22 was on credit cards – a quick and easy way to make money. And the scope of the data is exploding with hacked cryptocurrency and even stolen Uber records.

But the most important 2022 fact – more data is selling for less money reflecting a major oversupply of targets ripe for the picking.

Except for one item – NSW driver’s licence details have gone from US$20 to $150.

The list of items and prices paid is too long to reproduce here – you can access it at Privacy Affairs.

How to minimise data harvesting

  • Don’t use public Wi-Fi – if you do use a VPN
  • Take extreme care at ATMs as fake keypads and card skimmers are in widespread use on generic ATM machines. Generally not at bank branches or use Woolies or Coles to get cash out.
  • Never give sensitive information over the phone unless you initiate the call using a known correct number for the bank etc.
  • Install anti-virus/malware on your PC, Android, macOS and iOS
  • Never use the same password twice. Although it is fine to use a junk password with no connection to real passwords on non-financial accounts. Use a password manager like LastPass.
  • Regularly delete Apps and accounts that you don’t use. Where possible select permanent deletion of your data.
  • Do not overshare on social media like Facebook, Instagram, Twitter, Linked In and more. Never reveal information that could be a digital breadcrumb for hackers.
  • Never click on a social media, email or SMS link unless you know it is not fake
  • The internet is not a nice world so have a healthy degree of paranoia

CyberShack’s view – What’s your data worth pales to insignificance when you experience ID Theft

The sad truth is that the growing supply of personal information on the Dark Web makes it cheaper, and more likely, that cybercriminals will hack your accounts.

Read our Consumer Advice guides. Do all you can to educate your family and friends, particularly those who as not-tech savvy or vulnerable seniors.

Norton’s new 360 Advance has LifeLock to help you detect and recover from scams and ID Theft: Who you gonna call? Norton 360 Advanced will personally help you defeat scammers.