While cybercriminals seem to be shying away from data theft to outright extortion as their main revenue source (cue in ransomware), stealing personal information and using or selling it for further cybercriminal acts is still a serious problem.
The latest “Data Breach Reports” by the Identity Theft Resource Center (ITRC) revealed that as of September 8, 2016, around 29 million records were exposed in 657 reported breaches. While the total is 16% less than the number of breaches recorded in 2015, personal data remains a prime cybercriminal underground commodity. The demand for stolen personal information was evident even in Trend Micro researchers' recent foray into the French underground. Stolen personal information, when sold, not only lines cybercriminals’ pockets, but can also be used to expose its owners (individuals and companies alike) to other risks.
Every cybercriminal underground market has a place where stolen data is sold. Any piece of personally identifiable information (PII), from credit card credentials to Groupon log-in data, that cybercriminals can get their hands on end up as underground offerings somewhere in the world.
The stolen PII calculator below shows how much cybercriminals gain from the data breach victims lose when their systems/devices get hacked.
Click each type of PII to see how much it is sold underground. Clicking more than one type adds up the prices.
Personal credit card details
Corporate credit card details
We used the lowest prices in US$ for all wares.
Personal credit card details, depending on how much more information they come with (home address, date of birth, mother's maiden name, etc.) and whether they are verified or not, can cost up to US$7.
Facebook credentials can cost as much as US$5.
Google+, Skype, YouTube, and Dropbox credentials can cost as much as US$8.
eBay credentials, depending on how actively used the account is, where its owner is from, and its rating, can cost as much as US$23.
Amazon credentials, depending on the balance on the credit card it is associated with, can cost as much as US$15.
PayPal credentials, depending on whether the account is verified or not and how much information is tied to it, can cost as much as US$5.
Groupon credentials can cost as much as US$7.
As long as cybercriminals can profit from stolen information, individuals and companies will continue to suffer from breaches. Stricter implementation of cybercrime laws and better IT awareness can help. Trend Micro will continue to expose cybercrime and its perpetrators.