Hacked Facebook, Gmail and Instagram accounts, banking information and even driver licences are being bought and sold on the dark web for as little as $21
with experts warning identity theft may have life-long consequences for victims. Released last week, the US Privacy Affairs Dark Web Price Index shows the average price of a hacked Facebook account is $106, a hacked Instagram account is $80 and access to a Twitter account costs $70. Access to a hacked Gmail account is being sold for $220 on average, the report showed. The dark web is a part of the internet which is accessible only by particular software and allows users and website operators to interact anonymously, often for nefarious purposes. Personal banking details - ranging from a $21 cloned Mastercard and pin to stolen PayPal transfers of more than $3000 - were also readily available on the dark web, the research showed.
Personal information winds up on the dark web courtesy of ostensibly legitimate sources such as online businesses, government or "you and your friends", Australian Privacy Foundation chair David Vaile said. "Mass data breaches happen frequently, but because there's no right to privacy in Australia there's no means to rectify that," he said.
The US report showed fake driver licences were sold at about $100 for "average quality", and $786 for "high quality". Passports fetched about $2150. Counterfeit Australian cash and identity cards are also readily available on the dark web. "Identity information is the gold standard," Mr Vaile said. "Someone might be able to get your postcode, then combine it with your hair colour and what time you go to work - that information can become useful."
NSW Police acting cybercrime squad commander Gordon Arbinja said police were seeing stolen personal data up for sale on the dark web more frequently. "There's either a commodity or a service for sale," he said. Personal data routinely becomes available when it is hacked via a phishing scam or through a targeted attack on a service provider, social media platform or other database, said Detective Acting Superintendent Arbinja.
"They cast a long net, and whoever is captured is vulnerable to the personal data that they provided. These are often targeted attacks, but those tend to be on companies or online entities that hold a significant amount of personal information, not individuals," he said. People can help safeguard their information against attacks by using a unique password, a password manager, two-factor authentication and ensuring any anti-virus software is continually updated. "Never use a password that is remotely connected to you and never use an unsecured Wi-Fi network to access your personal or financial information," he said.