Recent research has revealed there are now more than 15 billion items of stolen data for sale on the dark web; which to put into context equates to two sets of account logins for every person on the planet. It is no surprise then that the level of ID fraud is now at its highest ever level.
A team from Digital Shadows Proton Research spent 18 months auditing criminal forums and marketplaces and has concluded that the amount of stolen data has increased by 300% since 2018.
However, the research did reveal there is a significant amount of duplication, although it is estimated that there are still 5 billion unique pieces of information available. This unique data goes for a premium, as it is likely to be newer and therefore more lucrative.
The average price for commercially traded logins was found to be £12.32, the more valuable credentials such as active bank account logins are more expensive, coming in at an average of £56.65. However, some bank account data sold for as much as £399, depending on the net worth of the account and the freshness of the data. Financial data accounted for 25% of all advertisements for stolen data.
The second most valuable account logins, with an average asking price of £17.30, were those for anti-virus and security solutions. Social media account logins typically commanded less than £7.
When it came to domain administrator accounts that could give access to internal business networks the report reveals that these were usually sold by auction because of their value to criminal hackers, with an average of £2,505 and, in some cases, reaching a price of £95,732.
Deceased data; that is data pertaining to individuals that have passed away, along with a recent verified date of death, was also found to command a premium due to the fact that deceased identity fraud typically goes undetected for longer, resulting in a greater opportunity for fraudsters to cash in.
The study also found that user names were often given away for free as an enticement to buy, showing just how commoditised personal data has become.
With the growing number of data breaches, the amount of data for sale should come as no surprise, nor the staggering increase in ID fraud cases around the world. For organisations, the implications of this study are twofold.
The first is the significance of data security and compliance to GDPR and the second is the rising level of organisations reporting fraud attacks, whereby criminals are attempting to use the stolen data to access credit, finance or goods.
Fraudulent activity is proven to increase during times of economic recession; therefore, it is critical that, as we continue to navigate the global pandemic, data teams protect their organisations against the barrage of identity fraud that is on its way.