How much is your personal data worth to a cybercriminal?

Personal data

Top10VPN has been monitoring how much your personal data is worth to a cybercriminal. The results are astounding.

Top10VPN has the full report here. Personal data is gold – it is an interesting read. Following is a curated version.

Amazon has shot up to $30.36, a 237% increase y-o-y. Hackers with stolen Amazon accounts can lock out the legitimate owners and go on spending sprees with the stored credit card, and often buy gift cards which they can then redeem on their personal accounts. We can only speculate that the personal information it gathers is now more invasive and pervasive.

Price depends on what that personal data is.

Email addresses allow spoofing. But there are billions of compromised email addresses and passwords, so Collection #1 and Collection #2-5 are free as most of the gold is long gone.  

Hacked accounts from Apple, Airbnb, Fortnite, Netflix and Uber go for under US$15 each. There is little gold there.

Credit Card numbers allow monetisation and can go for up to $260 for an active card. Cybercriminals pay well for PayPal, Western Union and Moneygram.

Passport numbers ($18.45) start to enable identity theft and illegal immigration. So to do other forms of ID like drivers licences ($27.62) or other proofs of identity ($16.52) are in demand.

Entertainment hacks range from $1.53 to $15.04 if they work – most entertainment accounts allow multiple logins.

Simon Migliano, head of research at, says:

“Just any like other marketplace, dark web markets are susceptible to the ebbs and flows of supply and demand. Last year’s serious security breaches involving Facebook and Best Buy customers led to vast quantities of personal data flooding these black-market sites. The high-profile nature of these hacks has also created quite the appetite for these stolen account details, meaning that prices have notably jumped since last year too.

Personal data

Migliano says this is a highly – and understandably – worrying situation for customers who might have been caught in these hacks. Storing payment information across a whole range of online accounts – even social media – is now par for the course for most consumers as it’s simply so convenient. The downside is that if a fraudster gains access to one account, they then have the keys to the kingdom.

Games and entertainmetn are a huge target

Streaming services and online multiplayer games continue to dominate our leisure time. Hacked Fortnite accounts are actually more appealing for using stored credit cards to splurge on highly desirable in-game perks than for broader fraudulent schemes.

Top10VPN says

  • Get a good VPN – this will protect your personal data on public networks
  • Use Have I Been Pwned to see whether any of your accounts have been breached
  • Use a password manager – These are a cheap and effective way to make sure your accounts have unique (and therefore stronger) passwords
  • Delete your old accounts – these accounts are useless to you but a treasure trove to hackers

GadgetGuy’s take – stop sharing – think!

Anyone with an email address has a dark web profile. Its value depends on how much personal data is in there and how regularly it is updated. Cybercriminals use machine learning and AI to correlate data from various sources and provide rankings on what profiles to exploit next.

Personal data

Believe me – my name was on the Sheraton/Starwood breach and its taken me perhaps a hundred hours to recover and change all passwords and regain use of my web-mail account. Now that is done I am ever vigilant.

I would go one step further and reissue a warning in the strongest terms to stop oversharing data. Facebook, LinkedIn, Instagram, Twitter and hundreds more social media sites collect and monetise or sell user data.

How to stop oversharing or #DeleteFacebook

  • Think, or more specifically, think ahead.
  • Why is someone asking for that data? If it’s not necessary to the ‘transaction’ then go elsewhere.
  • What is the ripple effect of the piece of information you are about to share?
  • Would you like your mother, children, partner/spouse, boss and any other relevant person knowing what you are about to divulge?
  • Think about your information in the public domain today, and think about its impactt decades from now.
Personal data

Still OK with it? Then wait and think again. Time, consideration and reflection are the antidotes to oversharing – use all three.