The Price of Data on the Dark Web
Much of the data stolen in breaches ultimately ends up on for sale on the dark web. But how much do criminals pay to access it? VPNOverview research gives an insight into how wallet-friendly getting access to the average data breach is
Number of records: 65,700,000
MyHeritage, a popular service for testing DNA and tracking ancestry, was hit by a data breach in June 2018. Only email addresses and hashed passwords – rather than full passwords – were exposed, but more than 60 million email addresses could still be of considerable value to the right person.
Number of records: 50,000,000
In March 2018 popular calorie tracking app MyFitnessPal, which is owned by sportswear giant Under Armour, was hit by a data breach impacting usernames, email addresses and hashed passwords. Despite containing fewer records, the company commands a higher price than others on the dark web, suggesting there is value in a brand name.
Number of records: 15,500,000
A video messaging app for Android and iOS, Dubsmash was hit by a breach in February 2019, involving user locations, usernames, passwords, phone numbers and names. It is for this reason that this particular haul commands a higher price than others, despite containing considerably fewer records.
Number of records: 7,800,000
Occurring in January 2019, the Armor Games data breach includes usernames, emails, hashed passwords and the salt – which enables hashes to be reversed. However, data is this particular haul is a comparative bargain.
Number of records: 3,400,000
The data breach that impacted home improvement site Houzz in early 2019 saw the exposure of user IDs, email addresses, one-way encrypted passwords, IP addresses, city and zip codes, as well as users’ Facebook information – which may explain the high price tag.