Site icon On DarkNet – Dark Web News and Analysis

Dark Web Price Index 2021

(From privacyaffairs.com)You wouldn’t know it by watching the news, with everything that’s been happening surrounding the pandemic and global politics, but up until this point, 2020 has been one of the worst years for cyber attacks.

Notable corporations and organizations like NASA, McDonald’s, Microsoft, T-Mobile, Lockheed Martin, even cybersecurity companies FireEye and SolarWinds have all been victims to serious breaches in 2020 alone.

Where does all of this leaked information end up? For sale on the Dark Web of course. We investigated how the Dark Web market has changed since our previously reported Dark Web Price Index 2020, so you can understand what your personal information is worth and why you should protect it.

Info reflects data collected on May 9 2021.

This is what we found:

CategoryProductAvg. dark web Price (USD)
Credit Card DataCloned Mastercard with PIN$25
Cloned American Express with PIN$35
Cloned VISA with PIN$25
Credit card details, account balance up to $1,000$150
Credit card details, account balance up to $5,000$240
Stolen online banking logins, minimum $100 on account$40
Stolen online banking logins, minimum $2,000 on account$120
Walmart account with credit card attached$14
Hacked (Global) credit card details with CVV$35
USA hacked credit card details with CVV$17
UK hacked credit card details with CVV$20
Canada hacked credit card details with CVV$28
Australia hacked credit card details with CVV$30
Israel hacked credit card details with CVV$65
Spain hacked credit card details with CVV$40
Japan hacked credit card details with CVV$40
Payment processing servicesStolen PayPal account details, minimum $100$30
Stolen PayPal account details, minimum $1,000$120
PayPal transfers from stolen account, $100-$1,000$50
PayPal transfer from stolen account, $1,000 – $3,000$340
PayPal transfers from stolen account, $3,000+$180
Western Union transfer from stolen account, above $1,000$45
Stolen PayPal account details, no balance$14
Stolen UK fully verified Skrill account details$200
Hacked TransferGo account$510
50 Hacked PayPal account logins$200
Hacked UK Neteller account$70
Hacked PerfectMoney account$160
Hacked Weststein Card account$710
Movo.Cash Login$14
Hacked Western Union Account$45
Verified Stripe account with payment gateway$1,000
Crypto AccountsHacked Coinbase verified account$610
USA verified LocalBitcoins account$350
Crypto.com verified account$300
Coinfield.com verified account$410
Kraken verified account$810
Cex.io verified account$710
Blockchain.com verified account$310
Binance verified account$410
Social MediaHacked Facebook account$65
Hacked Instagram account$45
Hacked Twitter account$35
Hacked Gmail account$80
Instagram followers x 1000$5
Spotify followers x 1000$2
Twitch followers x 1000$5
LinkedIn company page followers x 1000$12
Pinterest followers x 1000$4
Soundcloud plays x 1000$1
Twitter retweets x 1000$25
Instagram likes x 1000$5
Hacked ServicesUber driver hacked account$14
Uber hacked account$8
ZipCar account$12
Bet365 account$50
Lykke account$260
FedEx account$22+
Netflix account – 1 year subscription$44
Kaspersky account$8
Various adult site accounts$5
Canva Pro yearly$6
NBA League Pass$8
Orange TV$4
Hulu$5
The Telegraph UK Premium$7
CNBC Pro$3
Netflix 4K 1 year$4
HBO$4
Ancestry.com$8
Adobe Creative Cloud 1 year$160
eBay account with good reputation (1,000+ feedback)$1,000
Forged Documents – ScansAlberta CA Drivers License (scan)$32
Minnesota drivers license$20
Utility Bill templates$39+
US Business cheque templates$15
NSW (Australia) drivers license$20
Russian passport scan$100
New York drivers license$80
USA selfie with holding ID$100
US valid social security number$2
Forged Documents – PhysicalFake US Green Card$150
New Jersey ID$50
Netherlands Passport$4,000
Poland Passport$4,000
Indiana ID$185
Texas ID$145
Utah ID$160
European Union National ID (avg.)$120
Latvian National ID$500
Louisiana ID$125
Montana ID$150
Nevada ID$160
Delaware ID$185
France Passport$4,000
Lithuanian passport$1,500
Maltese Passport$6,500
Maltese Passport$6,500
Various European Union passports$4,000
US driver’s license$100
Email Database DumpsFake US Green Card$150
600k New Zealand emails$10
350k Czech emails$10
2,4 million Canada emails$10
4,78 million Mexico emails$10
380k Austria emails$10
Private USA dentists database 122k$50
USA Voter Database (various states)$100
MalwareGlobal low quality, slow speed, low success rate x 1000$50
Europe low quality, slow speed, low success rate x 1000$320
USA, CA, UK, AU low quality, slow speed, low success rate x 1000$900
Global med quality, 70% success rate x 1000$80
Europe med quality, 70% success rate x 1000$500
USA only med quality, 70% success rate x 1000$1,000
USA, CA, UK, AU med quality, 70% success rate x 1000$1,400
Europe fresh high quality x 1000$2,500
Europe aged high quality x 1000$1,200
USA high quality x 1000$1,900
CA high quality x 1000$1,400
UK high quality x 1000$2,200
Android x 1000$900
Premium x 1000$5,000
DDOS AttacksUnprotected website, 10-50k requests per second, 1 hour$15
Unprotected website, 10-50k requests per second, 24 hours$50
Unprotected website, 10-50k requests per second, 1 week$500
Unprotected website, 10-50k requests per second, 1 month$1,000
Europe low quality, slow speed, low success rate x 1000$320
Premium protected website, 20-50k requests per second, multiple elite proxies, 24 hours$200

What We Found

As predicted, there is much more volume being sold now compared to last year, with fake ID and credit card vendors reporting sales in the several thousands. Not only quantity, but the variety of items to purchase has grown as well, such as hacked crypto accounts and web services like Uber accounts.

This is a vendor profile of someone selling stolen credit card data. It has accumulated more than 1,000 sales and over 600 positive reviews in just a year:

There are hundreds of vendors like the above.

With the massive influx of supply, buyers seem to be gravitating towards bigger, “trustworthy” sites, with White House Market holding the largest market share of sales. The Dark Web markets are even starting to parody traditional markets with comical offers of “buy 2 cloned credit cards and get 1 for free!!” for example.

In an effort to mitigate detection and tracking by law enforcement, the Dark Web is moving towards increased security on all ends. The markets have abandoned Bitcoin (BTC) as it is not secure, and vendors are demanding buyers to use Monero as payment and communicate only through PGP encryption.

Our methodology was to scan dark web marketplaces, forums, and websites, to create an index of the average prices for a range of specific products.

To further illustrate how this marketplace is thriving, below you can find a snapshot of a vendor profile with buyer ratings. This fake ID vendor seemingly registers sales every day:

Cloned Credit Cards and Cardholder Data

Despite the increasing supply, prices for cloned credit cards and associated cardholder data actually seemed to increase across the board. The price increase is most likely due to a combination of factors like the increasing risks of attaining the information, the increasing benefit for buyers to use the information, the increased quality/accuracy of the card data, or just good ol’ inflation.

Vendors of stolen credit card data tend to offer a guarantee of 80%, which means that two out of every ten cards either aren’t accurate or they have less than the advertised balance. Credit card records and cardholder data are typically sold in the format [CC|MM|YY|CVV|HOLDER_NAME|ZIP|CITY|ADDRESS|EMAIL|PHONE], the first 4 sections are card details and the following 5 sections show the cardholder information.

Updated Pricing (Oct. 2020 to Feb. 2021)

ProductAvg. Price USD (2020)Avg. Price USD (2021)YoY Difference
Cloned Mastercard with PIN$15$25+$10
Cloned American Express with PIN$35$35$0
Cloned VISA with PIN$25$25$0
Credit card details, account balance up to $1,000$12$15+$3
Credit card details, account balance up to $5,000$20$24+$4
Stolen online banking logins, minimum $100 on account$35$40+$5
Stolen online banking logins, minimum $2,000 on account$65$120+$55
Walmart account with credit card attached$10$14+$4

We have also includes several new “products” that weren’t covered in our 2020 version of this index.

New Products on Price Index

Credit Card DetailsAvg. Price USD (2021)
Hacked (Global) credit card details with CVV$35
USA hacked credit card details with CVV$17
UK hacked credit card details with CVV$20
Canada hacked credit card details with CVV$28
Australia hacked credit card details with CVV$30
Israel hacked credit card details with CVV$65
Spain hacked credit card details with CVV$40
Japan hacked credit card details with CVV$40

Many new listings of credit card details are categorized by country, which suggests where the breach took place, the accuracy of the credit card details, and the usefulness of the stolen data.

You can see that USA hacked credit card details are valued the lowest (due to high supply), and Israel the highest.

Example of stolen credit cards being sold on the dark web (vendor names have been removed):

Payment Processing Services

PayPal account details are easily the most abundant items listed on these dark web marketplaces, and as such they’re extremely inexpensive to purchase. The more expensive option is actual transfers from a hacked account.

As you can see in the below table, account details have dropped significantly in price, while the price of transfers have increased.

To accompany the purchase of payment processing accounts, another commonly listed item is guides on how to cash out the transfer without alerting the authorities. These guides sell for cents on the dollar, and whether they actually work remains unclear.

Updated Pricing (Oct. 2020 to Feb. 2021)

Payment Processing ServicesAvg. Price USD (2020)Avg. Price USD (2021)YoY Difference
Stolen PayPal account details, minimum $100$199$30-$169
Stolen PayPal account details, minimum $1,000$120
PayPal transfers from stolen account, $100-$1,000$5
PayPal transfers from stolen account, $1,000-$3,000$320$340+$20
PayPal Transfer from stolen account, $3,000+$156$180+$24
Western Union verified account$98$45-$53

New Products on Price Index

Payment Processing ServicesAvg. Price USD (2021)
Stolen PayPal account details, no balance$14
Hacked TransferGo account$510
50 Hacked PayPal account logins$200
Hacked UK Neteller account$70
Hacked PerfectMoney account$160
Hacked Weststein Card account$710
Movo.Cash Login$14
Hacked Western Union Account$45
Verified Stripe account with payment gateway$1,000

Payment processors have become more and more prevalent as retailers accept mobile pay and other forms of online payment. These payment processors vary in cybersecurity capabilities and insurance, so the value of a hacked account is likely to fluctuate as a result.

Example of stolen banking and payment processing information being sold on the dark web:

Crypto Accounts

Hacked crypto accounts seem to be one of the most valuable items for purchase. Due to the skyrocketing prices of BTC and other cryptocurrencies, hacked accounts may hold large sums of coin-based currency and cash, protected by relaxed security measures after the initial verification process.

The high-value accounts matched with abundant BTC ATMs for anonymous cash-out make crypto accounts a very valuable item for hackers.

Crypto$Avg. Price USD (2021)
Hacked Coinbase verified account$610
USA verified LocalBitcoins account$350
Crypto.com verified account$300
Coinfield.com verified account$410
Kraken verified account$810
Cex.io verified account$710
Blockchain.com verified account$310
Binance verified account$410

Example listings of hacked cryptocurrency site accounts being sold:

Social Media

Whether it’s the increased supply of hacked information or the diminishing value of an individual hacked account, prices for hacked social media accounts seem to be dropping across all platforms. Additionally, offers to hack specific accounts or sell them were relatively scarce, but there were still some.

Given the recent increase in security measures (e.g., MFA, account locks on too many attempted passwords) implemented by social media platforms, hackers must resort to social engineering techniques to gain login credentials, which is a very labor intensive endeavor for a relatively low success ratio.

Also worth noting, the extremely low cost of social engagement (e.g., likes and follows). This just proves how easy it is for some to gain influence through social proof with just a few bucks.

Updated Pricing (Oct. 2020 to Feb. 2021)

Social MediaAvg. Price USD (2020)Avg. Price USD (2021)YoY Difference
Hacked Facebook account$75$65-$10
Hacked Instagram account$55$45-$10
Hacked Twitter account$49$35-$14
Hacked Gmail account$156$80-$76
Instagram followers x 1000$7$5-$2
Spotify followers x 1000$3$2-$1
Twitch followers x 1000$6$5-$1
LinkedIn x 1000$10$12+$2
Pinterest followers x 1000$5$4-$1
Soundcloud plays x 1000$1$1$0
Twitter retweets x 1000$25$25$0
Instagram likes x 1000$6$5-$1

Example of hacked social media accounts for sale:

Hacked Services

Vendors even sell access to paid online subscription services at lower prices for those willing to take the risk.

Hacked ServicesAvg. Price USD (2021)
Uber driver hacked account$14
Uber hacked account$8
ZipCar account$12
Bet365 account$50
Lykke account$260
FedEx account$22+
Netflix account – 1 year subscription$44
Kaspersky account$8
Various adult site accounts$5
Canva Pro yearly$6
NBA League Pass$8
Orange TV$4
Hulu$5
The Telegraph UK Premium$7
CNBC Pro$3
Netflix 4K 1 year$4
HBO$4
Ancestry.com$8
Adobe Creative Cloud 1 year$160
eBay account with good reputation (1,000+ feedback)$1,000

Examples of various hacked online accounts being sold:

Forged Documents - Scans and Physical

Forged documents are available as digital scans or as physical documents. Depending on the vendor, they are highly customizable and can be made with any details that the buyer wants, so with just a few pieces of real information, a criminal could create an entire file of forged official-looking documents.

Document scans with selfie is another valuable purchase as they can be used for SIM swap attacks as well as personal data access requests in California and in the EU.

Besides the documents listed in the table below, counterfeit money is also extremely prevalent, mainly in denominations of 20 or 50 USD. We found USD, EUR, GBP, CAD, AUD were the most common, and some came with a UV pen test guarantee. The reported “high-quality” counterfeit banknotes typically cost around 30% of the banknote value.

Document ScansAvg. Price USD (2021)
Alberta CA Drivers License (scan)$32
Minnesota drivers license$20
Utility Bill templates$39+
US Business cheque templates$15
NSW (Australia) drivers license$20
Russian passport scan$100
New York drivers license$80
USA selfie with holding ID$100
US valid social security number$2

Example listings of fake documents being sold on the dark web (digital form):

Physical forged documents are also being sold. These are the highest priced items on the dark web markets by far.

Physical DocumentsAvg. Price USD (2021)
Fake US Green Card$150
New Jersey ID$50
Netherlands Passport$4,000
Poland Passport$4,000
Indiana ID$185
Texas ID$145
Utah ID$160
European Union National ID (avg.)$120
Latvian National ID$500
Louisiana ID$125
Montana ID$150
Nevada ID$160
Delaware ID$185
France Passport$4,000
Lithuanian passport$1,500
Maltese Passport$6,500
Maltese Passport$6,500
Various European Union passports$4,000
US driver’s license$100

Example listings of forged documents being sold on the dark web (physical form):

Email Database Dumps

Email dumps are very common and notoriously inexpensive due to their mainstream availability and low accuracy. Most email dumps are aggregations and collections of other email breaches.

Email DumpsAvg. Price USD (2021)
Fake US Green Card$150
600k New Zealand emails$10
350k Czech emails$10
2,4 million Canada emails$10
4,78 million Mexico emails$10
380k Austria emails$10
Private USA dentists database 122k$50
USA Voter Database (various states)$100

Example listings email database dumps being sold:

Malware

Once installed on compromised systems (e.g., Windows, Android and others), malware gives hackers full access to the machine, which can be used to hijack computer resources via ransomware or to steal information about the user.

Common ways of implementing the malware is via fake online casinos, FB/social networks, warez websites etc. so beware downloading anything from untrusted sites and sources.

For every 1,000 installs, hackers stand to steal tens of thousands of dollars.

Updated Pricing (Oct. 2020 to Feb. 2021)

MalwareAvg. Price USD (2020)Avg. Price USD (2021)YoY Difference
Global low quality, slow speed, low success rate x 1000$70$50-$20
Europe low quality, slow speed, low success rate x 1000$300$320+$20
USA, CA, UK, AU low quality, slow speed, low success rate x 1000$800$900+$100
Global med quality, 70% success rate x 1000$80$80
Europe med quality, 70% success rate x 1000$700$500-$200
USA only med quality, 70% success rate x 1000$900$1,000+$100
USA, CA, UK, AU med quality, 70% success rate x 1000$1,300$1,400+$100
Europe fresh high quality x 1000$2,300$2,500+$200
Europe aged high quality x 1000$1,400$1,200-$200
USA high quality x 1000$1,700$1,900+$200
CA high quality x 1000$1,500$1,400-$100
UK high quality x 1000$2,000$2,200+$200
Android x 1000$600$900+$300
Premium x 1000$6,000$5,000-$1,000

Example listings of malware being sold on the dark web:

DDOS Attacks

A distributed denial of service (DDoS) attack sends the target website thousands of connection requests per second to overload and crash the website’s server, thereby taking a website offline. Typically, no information is stolen through these attacks, but they are used to dox a website or cover up other hacking activities.

Updated Pricing (Oct. 2020 to Feb. 2021)

DDOS AttacksAvg. Price USD (2020)Avg. Price USD (2021)YoY Difference
Unprotected website, 10-50k requests per second, 1 hour$10$15+$5
Unprotected website, 10-50k requests per second, 24 hours$60$50-$10
Unprotected website, 10-50k requests per second, 1 week$400$500+$100
Unprotected website, 10-50k requests per second, 1 month$800$1,000+$200
Premium protected website, 20-50k requests per second, multiple elite proxies, 24 hours$200$200

Why This Data is Important

Dark web market data may not provide the average person with useful insights, but what they do provide is a powerful perspective into just how valuable your personal data really is, and how cheap it is to exploit you.

We’ve heard all the horror stories of unsuspecting victims losing their life savings or hackers selling cam footage on the deepest corners of the web, but it’s easy to think it will never happen to you. The sad truth is with the growing supply of personal information on the dark web, the likelihood and occurrence of devastating hacks increases every day.

The reality is that hackers rarely resort to targeting specific people. With the sheer quantity of data available for purchase, they just need to play the numbers game, and if you don’t protect yourself, you’ll be the one paying the price. By adopting a few, simple rules and habits, you’ll make it harder for hackers to get your data, and in doing so take yourself completely out of their crosshairs. Like we said, it’s just a numbers game.

How to Protect Yourself From Identity Theft

By following the below recommendations, you will be much more likely to avoid identity theft.

Avoid Public Wifi

Avoid public or unsecured WiFi. If you must log into an account on a network you don’t trust like at a coffee shop, use a VPN to encrypt all communications. If an attacker has admin access to the network you’re using, they can manipulate everything you’re doing and even forge bank websites.

Use Safe ATM Practices


Check for ATM skimmers.
 Skimmers are devices placed over an ATM (often exact replicas of the card reader) to read a card and send your information to a hacker. To check for skimmers, you should:

Check for fake keypads. Fake keypads are sometimes placed over the legitimate one to record your PIN number. They’re also often very loosely mounted. If it jiggles around a bit or if you notice the keypad is off-center, you should avoid using it.

Keep your Information Private

Avoid giving sensitive information over the phone to anyone, regardless of whether it is a requirement for some process. If possible, do it in person. And be sure to verify who you are talking to is who they say.

Use Anti-Malware Tools

Use anti-malware software such as AVG on your personal computer to check for malware, and make sure it’s set to automatically update.

Use Account & Password Hygiene

Never use the same password for multiple accounts. This is the easiest way for an attacker to gain access to your accounts. When a major list of account details is dumped on the dark web, your account details can be checked against other services such as email or banking, and you really don’t want them to have the same password.

Delete accounts you don’t use anymore.
 Old accounts can be compromised and used for password resets or similar attacks. However, if you don’t reuse passwords on multiple accounts, this is not really an issue.

Use a password manager such as LastPass or Keepass (both free) so you can have super strong password security for your accounts, and only need to remember one master password.
These rules may feel a bit complicated and burdensome, but once you get used to following them, they’ll become second nature. You develop a sense of cybersecurity that is vital online and in daily life.

These habits may seem burdensome, but over time it will become second-nature. In the end, you will be doing your part in protecting your digital identity and safeguarding your own future.

Exit mobile version