What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some dark marketplaces do nothing else but sell this information to other attackers, who will perform the actual exploitation.  You might be surprised just how little it will resell for on the Dark Web.

Here are some examples:

  • Brazzers (a pornography site) $1
  • US Credit Card – $4-$12
  • EU Credit Card – $28
  • Yahoo $1.20
  • Gmail $1.20
  • Dell $2
  • Cell Phone Acct – $14
  • Apple account – $50 +
  • Uber $2
  • Netflix $2
  • Walmart $2.50
  • Twitter $3
  • Facebook Account – $50
  • Mattel Premium $4
  • Amazon $6
  • Ebay $10
  • eHarmony $10
  • PayPal $80
  • Medical Record – $50
  • Web Site admin – $100
  • Social Security – $250 +
  • Driver’s License – $100 +
  • Bank Account – 6% of bal

In some cases it hardly seems worth the effort, but most of these vendors sell in volume, so the payoff can be substantial.  But for the victim, the amount of effort that goes into recovering your account generally is more than the resale value of the lost information, which adds insult to the injury.

Strong, long passwords and two-factor authentication can help you avoid these sorts of compromises.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.