The Price and Value of Stolen Data

Researchers from SpiderLabs reveal the price cybercriminals can garner from stolen data, and how valuable specific data is to threat actors. Cybercriminals are effective in their pursuit of profit as opposed to using the data themselves. They split their operations into business fields as to focus on aspects of hunting, attacking, and gathering data. Prices of course vary based on the type of with PII data for social security numbers, passports, and driver's licenses all sold between $0.20 to $50. The price of the data is shockingly little, as framed by SpiderLabs "For the price of a Starbuck’s Caramel Frappuccino Grande and a cheese Danish, about $8, a cybercriminal can obtain all the information needed to max out a person’s stolen credit card and possibly steal their identity." Credit cards are sold based on factors such as the amount of available credit and its class common, business, platinum, corporate, etc. These cards are sold ranging from $8 to as high as $1500. Data pertaining to bank account access and organization access are sold for the highest amount. Organization access credentials for RDP, SSH, FTP, and VPN can all be sold from $50 to $2000. Bank account access can be priced anywhere between $100 to $3000.

‍