It might be tempting to assume that your credit card number is the holy grail for hackers, in terms of the value that it can fetch on the dark web. Especially when you stop and think about all of the places that you’ve given your card number to — everywhere you’ve typed it online or physically swiped the card in person — it’s easy to see where it’s the kind of thing that would be somewhat easy for thieves to get their hands on, and something they’d love to have since it ostensibly translates into instant financial gain.
Based on a new dark web price index for 2021 that was prepared by the data privacy- and cybersecurity-focused website Privacy Affairs, however, it’s actually your Gmail account that would in many cases reap a much better financial reward for hackers than a stolen credit card number.
“Notable corporations and organizations like NASA, McDonald’s, Visa, MasterCard, Microsoft, T-Mobile, Lockheed Martin, Google, even cybersecurity companies FireEye and SolarWinds have all been victims (of) serious breaches in 2020 alone,” Privacy Affairs explains. And where does all this stolen data end up?
It winds up for sale, in the shadowy corners of the internet that ordinary users don’t have access to. And for those of you who still aren’t fully adhering to best practices about data privacy and securing your myriad digital accounts, perhaps seeing a dollar amount attached to what those accounts can garner for an enterprising hacker might help to scare you straight.
Based on Privacy Affairs’ Dark Web Price Index for 2021, which includes data captured through May 9, 2021, here’s what various credit cards can earn a hacker:
- A cloned Mastercard with PIN — $25
- Cloned American Express with PIN — $25
- Credit card details, account balance up to $1,000 — $150
- Credit card details, account balance up to $5,000 — $240
- Stolen online banking logins, minimum $100 in account — $40
- Stolen online banking logins, minimum $2,000 in account — $120
- Walmart account with credit card attached — $14
- Hacked (global) credit card details with CVV — $35
- And hacked American credit card details, with CVV — $17.
Here’s the part that certainly surprised me but makes sense when you stop and thinking about it: A hacked Gmail account can actually fetch more than almost all of the above ($80), according to Privacy Affairs. When you consider how much information flows into a Gmail account that can unlock and/or lead hackers into other aspects of your life, it makes sense that the bad guys would pay more for that.
Another important point regarding credit card numbers is that dark web buyers of card data apparently tend to get a guarantee of 80% — as in, with the card data they buy in bulk, it’s expected that 8 out of 10 will be accurate in terms of things like the advertised card balance.
On a related note, another interesting data point revealed by Privacy Affairs is that the average dark web price for a hacked Netflix account that includes a 1-year subscription is $44, a bit of a hefty premium over what said hacker could just, you know, pay for a subscription legally.
Related coverage: