Hackers are selling bank statements for less than $10

A sneak peek into a dark web market

Caution: Do not try this at home

Our case study in collaboration with independent third-party researchers’ work may help you understand that all data is interesting to hackers – even utility bills or bank statements. Therefore, if we better understand, what data could be stolen, we can also better understand how to protect ourselves.

What the study found there was both terrifying and mind-boggling.

Here are a few stats about the market they analyzed:

• Number of listings: >22,000
• Number of sales: >720,000
• Hackers’ income from sales: $17.3 million

What type of data is sold on dark web markets?

Dark web markets are essentially virtual black markets where hackers, cybercriminals, and shady characters buy and sell items obtained by illegal means online.

Ironically, the way a dark web market works is similar to how a regular online marketplace operates — distributors put items up for sale and trade their items in exchange for what is usually laundered money, and then buyers use the “goods” to gain benefits or resell them for a better price.

What document-like items can be found on such markets? Basically, anything that is of some value to cybercriminals, such as bank statements, IDs, passports, digital databases, store receipts, and account credentials.

Below, we list categories of items that our researchers found available for purchase on JUST ONE dark web market on one random day.

Keep in mind that the data our experts found on the dark web market belonged to both individuals and companies.

This means that every entity is a potential target for hackers, and a dark web market is where cybercriminals can obtain information that they can then use against a single person, a group of people, or an entire organization. As you might expect, you can tell by the price of an item for sale if it’s a piece of personal information or a set of company data. What may surprise you, however, is how low these prices can be.

What is the average price of items on the dark web?

Before we get into the numbers themselves, we want to draw your attention to the fact that we're still talking about just one dark web market analyzed on one particular day. Currently, researchers say that there are about 30 large-scale dark web markets in the online world — and their listings are updated all the time with new items and new prices.

Below you will find the average prices of the types of data that were available for purchase on the day our experts conducted the study. Remember that these are, as we mentioned, average prices, which means that there were times when some pieces of information were sold for a much lower low amount. For example, it often happened that the price for a bank statement was as low as $9.99!

What is the country of origin of these items?

From the descriptions of the items for sale on the dark web market we studied, it appeared that they came from many different places around the world, although mainly from Sweden and the United States.

However, as we said, listings on dark web markets are updated regularly. This means that one day the country of origin of stolen information is Sweden, tomorrow China, and the day after tomorrow France. No rules or norms apply.

In brief, in no country in the world is user data completely safe. So if you don't care much about protecting your digital assets, claiming that online territory within your country’s property lines is somehow safer, just remember Murphy's Law: “Anything that can go wrong, will go wrong.”

Should you be worried about dark web markets?

Although we think that the answer to the question above is pretty obvious, we will provide it anyway to add extra weight to it. And so… of course, you should be worried about dark web markets!

The appearance of your business or private data on black market listings can lead not only to the exposure of confidential information but also to tragic consequences such as financial loss or reputational damage. And sometimes, it is impossible to rebuild what was destroyed by cybercriminals using stolen data.

Here are a few examples of what can happen when somebody buys your data on a dark web market:

• Based on a stolen passport, ID, license plate, or other document that involves your PII, cybercriminals can steal your identity and commit crimes while creating the impression that you are responsible for them.
• Using the data provided for the purposes described above, a criminal can impersonate you to gain access to your bank accounts or to the systems of the company you work for. They can also use it to steal your intellectual property from your personal device.
• A criminal can use even something as simple as a stolen shop receipt to perform ransomware attacks and convince you to give them your private information.
• Hackers can sell your personal data to advertisers, who may use it to target you with unwanted ads or even scams.
• Cybercriminals can use your stolen data to create fake profiles on various websites and social media to appear as if they are you and potentially deceive others with false information and content.

Of course, the question of whether you should be concerned about dark web markets can also be answered by asking yourself a different question — “What would happen if my data were made available for sale to criminals?” The answer here is never “Nothing.”

What can you do to prevent hackers from selling your data?

The only way to prevent hackers from selling your data on the dark web marketplace is to never provide it to them in the first place. In other words, you must secure your sensitive information and valuable files so that they never fall into the wrong hands and end up on the dark web sales list.

How can you do this? You use the right cybersecurity tools, of course.

One such tool is NordLocker, an encrypted cloud storage platform that allows you to safely store, manage, and share either personal or business data. Because it uses end-to-end encryption, NordLocker makes sure that your files are always secure both at rest and in transit.

Keeping your sensitive data in an encrypted vault is one of the best — and easiest — ways to protect it from being stolen and made available for sale on a dark web market.

If you want to see how it works, you can go to our website and get a 14-day free trial for NordLocker. This step may be your first towards ensuring that attempts by hackers to steal your data end well for you.

Methodology

The data was compiled in partnership with independent researchers specializing in cybersecurity incident research. They evaluated one marketplace on the dark web and analyzed its listing data, which included category, price, and country of shipment. No information that relates to an identified or identifiable individual (such as names, contact information, or other personal information) was involved in the research. None of the listings were bought or reviewed more thoroughly than stated to perform research. Data was received on April 1, 2022.