Value of Stolen Card and Amazon Account Details Rockets
Researchers have seen large spikes in the value of certain stolen data being traded on the dark web, but log-ins for some accounts are selling for as little as $2.
Top10VPN’s first Dark Web Market Price Index report revealed debit card details as the most valuable category, selling for an average of $250, a spike of 270% year-on-year.
Amazon credentials jumped 237% in value to just over $30, while Facebook (75%), Uber (60%) and Netflix (29%) log-ins also recorded sharp increases over their 2018 price. They’re all selling for around the same price, at $9 for Facebook, $11 for Uber and just under $11 for Netflix.
Twitter log-ins surged in value by 21% year-on-year but stand at just $2 today.
Head of research, Simon Migliano, told Infosecurity that dark web prices are wont to fluctuate according to various factors.
“We are now seeing Amazon accounts with high gift card balances as well as just normal hacked accounts, which is driving up prices as it’s easy money,” he explained by email.
“The increase in value of Facebook accounts is likely driven in part by Facebook’s increasing tethers to financial data (e.g. Marketplace) and by the simple fact that Facebook has shown it’s not going anywhere with its latest growth numbers.”
Stolen accounts for Uber are seeing increasing demand from users looking to get around without paying, while those looking for streaming content for free are driving the price of Netflix accounts up, Migliano suggested.
“With Uber and Netflix, it’s a case of services becoming increasingly established and part of everyday life,” he added. “When you don’t pay attention to accounts because they are just ‘there’, it’s easier to successfully commit fraud once those accounts are hacked.”
Migliano claimed stolen debit cards sit at the heart of the cybercrime economy.
“Prices have inflated as the average vendor begins to demand a higher percentage cut from the balance,” he said. “This is likely down to the increasing difficulty of stealing this data.”
Source: Information Security Magazine