Total Processing > Blog > Payments > How Much is your Data Worth on the Dark Web?

How Much is your Data Worth on the Dark Web?

How Much is your Data Worth on the Dark Web?


Abdullah Abdelkafi


17 Sep 2019

Read time

8 Minutes



Stolen data is one of the fastest-selling commodities available on the dark web. There is an array of affordable hacking and exploitation tools at the disposal of petty fraudsters and sophisticated hackers alike. It has become all too easy to gain large profits from selling breached data on the dark web.

But, just how valuable is this stolen information to those on the dark web? And most importantly, how is the value of stolen data measured?
As you can imagine, there are many ways those on the dark web measure how valuable your data is. We’ll not only explain how much your data is being sold for, but also how vendors decide how much your data is worth to buyers.

**What is the Dark Web?**

The dark web is a section of the internet that is not visible to search engines. If someone wants to access the dark web, it requires the use of an anonymising browser such as Tor. You cannot gain access to the dark web unless you have this kind of browser. You may not know much about the dark web, but it may know things about you.

What makes it dark? The dark web allows users to mask their identity such as hiding their IP addresses. This makes cybercriminals nearly impossible to identify and allows fraudsters to operate undetected while committing crimes, such as identity theft.

Only 4% of the internet is available to the general public, meaning a vast 96% of the internet is made up of the deep web. The dark web is just a small section of the internet but it’s a powerful small sector.


**How much are your bank details worth?**

The dark web is full of stolen personal bank information. It’s common to see MasterCard, Visa, and American Express details on there from a variety of different countries. However, US stolen credit card data is typically less expensive than data stolen from other countries.

Credit card data is mainly sold as two different kinds of packages. You can either buy just the credentials of a US citizen for around $12, or you can buy “fullz” for $18, which includes information on the card owner. This helps the buyer verify that they’re the card owner if they are challenged. Below are the prices for Stolen Credit Card Data from 2015-2018.

Credit card data in the US, UK, Canada and Australia increased in price anywhere from 33% to 83% in the time during 2015 to 2018. You can see that in 2015, the price for a US Visa or Mastercard dropped to $5, but jumped up 82% to $9 in 2018.

The average price for a UK Visa or Mastercard in 2015 was $12 but this increased to $22 in 2018. This is approximately an 83% increase. The same went for Canadian and Australian Visas and American Express cards. However, credit cards issued in the EU dropped a little.

The cost of this kind of information really depends on the the added ‘fullz’ information that’s available with it. Another main contributor to how much your bank details would be worth could be dependant on your bank balance.

With a bank balance of $2,000 this data could go for around a tenth of its value $200.

Bank accounts with stealth fund transfer features hold more value on the dark web as the risk is much lower.

An account that can transfer money in stealth mode to US banks can go for around $500 if the available balance is roughly $6,000. However, bank accounts that can transfer funds in stealth mode to United Kingdom banks are significantly more expensive, with a $16,000 account balance going for around $900.


According to Armor, prices for full identities (Fullz) rose between 10% and 39% for people living in Australia and other parts of Europe, which include France, Sweden, Spain, Italy, Denmark, and Ireland. Prices of identities for those living in the UK and Canada stayed the same between 2015 and 2018, while prices in the US decreased by 23% between 2015 and 2018.
The reason for the dramatic price decline in the US was due to an overwhelming supply of personally identifiable information. After several high-profile breaches, this leads to an oversupply for US identities. These were as result from the Equifax breach as well the breach upon the US Office of Personnel Management in 2015.
Below is a visualisation of how much bank, credit card and full information is worth for a UK and US citizen in 2019.


As you can see, the details revealed remain the same, but credit cards will cost buyers a little more. It’s likely that the buyer could obtain more monetary gain from a credit card, but with added Fullz information, they could even open new bank accounts and apply for new credit cards.


**Medical Records**

Medical records have one of the highest payoffs for vendors on the black market. The debate still remains open on exactly how much they are worth. Estimates from experts say the resale value of a medical record is from $70 to $100 each, depending on how comprehensive it is and what type of patient it belongs to.

There have been many medical records leaked through major data heists and these are an absolute gold mine for the vendors of stolen data. This kind of data will always be of high demand on the dark web markets.

Equifax is, they’re one of the largest credit agency data brokers in the world. Hackers infiltrated their network and stole customer names, social Security numbers, birthdates and addresses, affecting more than half the US population. Imagine the return on investment for this vendor.

The prices of medical records have decreased a little over time as there are now so many of them. That being said, more recent news revealed that you can now buy medical records from $20 to $50.

The ‘real’ price of how much you can buy a medical record for really depends on the value of it. The value of certain records depends on the buyers intent, which makes it incredibly difficult to gain a true estimate of how valuable these are in the monetary sense. If the ‘intent’ is to get money by blackmailing the victim, the medical record would need to have extremely sensitive information included.


One of the newer trends is stealing the identities of doctors. This kind of data is selling on the dark web for $500, new research reveals. Documents on sale include malpractice insurance documents, medical diplomas, board recommendations, medical doctor licenses, and DEA licenses. Using this stolen information they can forge the identities of doctors and submit fraudulent insurance claims or obtain prescriptions for controlled drugs like opioids.
Online Payment Accounts, Loyalty Programs & Subscriptions
The value of your PayPal details depends on the available account balance. Your PayPal details can be sold for as little as £40 and increase to around £820 to £2,500 for an £6580 balance.

Your Amazon, British Airways, Facebook, Fortnite and Netflix logins can also be sold on the dark web for around £7. Stolen hotel loyalty programs and auctions account credentials can cost as much as £1,150

Are you surprised to learn that even reward programs and viewing subscriptions can be purchased on dark web markets?


**How do buyers trust the vendors?**

Good sellers are normally ranked according to the quality of their services and their transparency. Dishonest vendors such as those who try to sell false accounts are often outed on forums and end up losing their credibility. In some cases, the website administrators ban them altogether.

**How much data has been bought?**

The number of U.S. data breaches dropped 23% in 2018, while exposed consumer records jumped 126%, according to the 2018 End-of-Year Data Breach Report from the Identity Theft Resource Center (ITRC).

**Credit Card Details**

The number of credit card numbers exposed in the US in 2017 was 14,207,346. Credit card details were around $8 in 2017 that means that vendors made $113,659,000.

Credit card details were around $9 in 2018 and the number of credit card numbers exposed in 2018 was 3,230,308 that means that vendors made a total of $29,072,772.



The number of consumer records exposed containing sensitive personally identifiable information in the US was 197,612,748. This means they potentially made $3,57,034 from fullz information.

This rose to 446,515,334 exposed personally identifiable information records in 2018. Vendors potentially made $8,037, 270 which is over double the profit compared to the prior year.


**Medical records**

In 2017 from 384 breaches there were 5,302,846 medical records stolen. The median price of these records is $85 which means vendors made $450,755,000.
In 2018 from 364 breaches there were 9,927,798 medical records stolen. The median price of these records is $85 which means vendors made $843,880,000.


Interestingly, credit card access has declined and fullz information had a massive spike. It’s likely that instead of vendors selling loads of credit card details, they’re seeking higher paying options and going for quality over quantity with Fullz and medical records.

**How much is your data worth on the dark web?**

Throughout the article we have explained what types of information the dark web could have on you and how much it might cost. Vendors want as much information as they can get, naturally this contributes towards a bigger pay off for them.

The average person has many online accounts, ranging from email and Facebook to online shopping, food delivery and banking. Add up all of those accounts and the typical internet user’s identity is worth about $1,200 or £987 to hackers. The personal loss for the victim will likely cost them a lot more.

As a merchant, it’s crucial to have effective fraud and risk tools in place, as well as 3D Secure authentication to protect your business and a merchant from these threats. To get your defence in place, take a look our Total Defender platform.


**Other sources:**

Ready To Start
Accepting payments?