Can you put a price tag on the security of your online accounts? Hackers certainly can — and a new report shows the average price they’re willing to pay for compromised account logins traded on the dark web.
Researchers with Privacy Affairs, the research arm of cybersecurity firm NordVPN, analyzed hundreds of recent listings on the dark web, where hackers routinely exchange stolen credentials. The researchers indexed the average prices of different types of logins for sale.
A hacked Facebook account goes for $74.50 on average, while Instagram accounts averaged $55.45 and Twitter logins went for $49 on average.
Daniel Markuson, a NordVPN analyst, said in a statement that the selling prices for compromised social media accounts are “relatively low,” but noted that hackers typically access accounts in order to pull off more lucrative scams.
“This information can be used in many fraudulent activities, including identity theft, so its protection shouldn’t be underestimated,” Markuson said in a statement.
A hacked Gmail account averaged a higher selling price — $155,73, on average — due in part to the fact that it could potentially provide a wide range of insight into a target’s life and other accounts.
Hackers also regularly use compromised email accounts to trick other victims into sending compromising information — email scams cost businesses $1.7 billion in 2019, the FBI said, and a FireEye study found that 91% of all cybercrimes start with an email.
Even more lucrative than social media accounts are payment processing service accounts, which hackers use to send cash transfers from other grifts in order to avoid detection by law enforcement. Hackers offered to use stolen PayPal accounts to transfer amounts ranging from $1,000 to $3,000 in exchange for a $320 fee on average, according to the report.
Meanwhile, information on people’s credit cards and debit cards sell for less — anywhere from $15 to $35 on average — in part because those transactions are easily traceable.
The report recommends that people regularly change their passwords in order to avoid having their accounts compromised. Services like Have I Been Pwned are available to check whether a login and password have been stolen in a past breach. Using a password manager can also help keep accounts secure.