What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some dark marketplaces do nothing else but sell this information to other attackers, who will perform the actual exploitation.  You might be surprised just how little it will resell for on the Dark Web.

Here are some examples:

  • Brazzers (a pornography site) $1
  • US Credit Card – $4-$12
  • EU Credit Card – $28
  • Yahoo $1.20
  • Gmail $1.20
  • Dell $2
  • Cell Phone Acct – $14
  • Apple account – $50 +
  • Uber $2
  • Netflix $2
  • Walmart $2.50
  • Twitter $3
  • Facebook Account – $50
  • Mattel Premium $4
  • Amazon $6
  • Ebay $10
  • eHarmony $10
  • PayPal $80
  • Medical Record – $50
  • Web Site admin – $100
  • Social Security – $250 +
  • Driver’s License – $100 +
  • Bank Account – 6% of bal

In some cases it hardly seems worth the effort, but most of these vendors sell in volume, so the payoff can be substantial.  But for the victim, the amount of effort that goes into recovering your account generally is more than the resale value of the lost information, which adds insult to the injury.

Strong, long passwords and two-factor authentication can help you avoid these sorts of compromises.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.