What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some dark marketplaces do nothing else but sell this information to other attackers, who will perform the actual exploitation.  You might be surprised just how little it will resell for on the Dark Web.

Here are some examples:

  • Brazzers (a pornography site) $1
  • US Credit Card – $4-$12
  • EU Credit Card – $28
  • Yahoo $1.20
  • Gmail $1.20
  • Dell $2
  • Cell Phone Acct – $14
  • Apple account – $50 +
  • Uber $2
  • Netflix $2
  • Walmart $2.50
  • Twitter $3
  • Facebook Account – $50
  • Mattel Premium $4
  • Amazon $6
  • Ebay $10
  • eHarmony $10
  • PayPal $80
  • Medical Record – $50
  • Web Site admin – $100
  • Social Security – $250 +
  • Driver’s License – $100 +
  • Bank Account – 6% of bal

In some cases it hardly seems worth the effort, but most of these vendors sell in volume, so the payoff can be substantial.  But for the victim, the amount of effort that goes into recovering your account generally is more than the resale value of the lost information, which adds insult to the injury.

Strong, long passwords and two-factor authentication can help you avoid these sorts of compromises.



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.