Stolen credit card data can be purchased on the dark web for less than €13, according to Equifax.
In analysis of the cost of hacked data on hidden websites, the credit reference agency reveals that US card details are available for a lower price than those stolen in the EU.
American card information can be picked up for below €13 on dark websites, while similar EU data typically costs well over double that price at more than €32.
Hacked webmail accounts – such as Gmail, Hotmail and Yahoo! mailboxes – can fetch an average of around €105. Compromised social media accounts – such as Twitter, Facebook and Instagram – go for around the same figure.
Log in credentials of corporate mailboxes sell for approximately €410.
Cyber criminals can use compromised email and social media accounts to access information that allows them to commit other forms of crime, such as bank account theft, fraud and identity theft.
Hacked account details can also often be used to access other online accounts held by the same victim, who may have used the same credentials to log in to multiple websites.
Equifax offers advice on how to make it less likely that their online accounts will be hacked. The credit reference agency advises internet users to change their account passwords regularly, make sure their social media privacy settings offer a high level of protection and be wary of phishing attacks.
“There is a huge variety of stolen data available for sale on the dark web, including both financial information and login details,” an Equifax analyst writes. “It is also the place fraudsters go to buy the tools used to commit identity theft.”
The firm also takes a look at the cost of online fraud tools, noting that remote access Trojans typically cost cyber scammers as much as €8, while a crypter – which shields malicious programs from anti-virus software – can fetch more than €360. Angler exploit kits can sell for more than €110.
Earlier this week, Britain’s top cyber security chief criticised UK government guidelines on internet passwords, noting that following official advice might actually make internet users less safe.
Ciaran Martin, head of GCHQ’s new National Cyber Security Centre, told BBC Radio 4‘s Today programme: “We have got to make it easier for people to operate safely. We did some work where we worked out what are we asking people to do.
“We worked out what we were asking every British citizen to do is memorise a new six-hundred digit number every month. I don’t think I could do that, none of my best people could do that.”