Personal data on the dark Web can cost 'less than a cup of coffee'

Read time 3min 30sec

Willingly or unwillingly sharing personal data in public can have serious consequences, including doxing, or the public de-anonymisation of a person online, as well as the selling of personal data on the dark Web.

Researchers from Kaspersky delved into these two consequences, and discovered that accessing sensitive data such as medical records or identification information on the dark Web can cost less than a cup of coffee.

According to the security giant, while people’s awareness of privacy issues is improving, many still only have a general understanding of why it matters, with 37% of millennials thinking that they are too boring to be the victim of cyber crime.

“This is simply not the case. For instance, doxing, which, in a way, is a method of cyber bullying, can affect any user who is vocal online or does not conform to subjective standards of other users,” the company says.


Doxing happens when an individual shares private information about another person without their consent, in an attempt to embarrass, hurt or otherwise put the target in danger.

People do not usually expect personal information to become public, and even if it does, do not anticipate the harm it might do.

“But as practice shows, with especially determined abusers or malicious users, doxing may potentially turn as far as hacking into the target’s accounts – a service that is offered on the dark markets nowadays,” warns Kaspersky.

To gain a better understanding of the consequences of doxing, Kaspersky researchers analysed active offers on 10 international Darknet forums and marketplaces.

The research revealed that access to personal data can start from as low as 50 US cents, depending on the depth and breadth of the data offered. Some personal information remains as in demand as almost a decade ago, such as credit card data, banking and e-payment service access, with their respective prices unchanged in recent years.

The increase in the number of photos with documents in hand and schemes using them also reflects a trend in the ‘cyber goods game’.


However, new types of data have also come to light, including personal medical records and selfies with personal identification documents, which cost up to $40.

The increase in the number of photos with documents in hand and schemes using them also reflects a trend in the ‘cyber goods game’, says Kaspersky.

If this data is abused, the consequences can be significant. Data sold on the dark market can be used for extortion, execution of scams, phishing schemes, and theft of money. Some types of data, such as access to personal accounts or password databases, can be abused not just for financial gain, but also for reputational harm and other types of social damage.

The upside

Dmitry Galov, security researcher at Kaspersky’s GReAT, says over the past few years, many areas of our lives have become digitised, and some of them, such as our health information, are particularly private.

However, he says there is an upside, as many organisations are taking extra steps to secure their users’ data. “Social media platforms have made especially significant progress in this regard as it is much harder now to steal an account of a specific user. That said, I believe our research highlights how important it is to be aware that your data is in fact in demand and can be used for malicious purposes even if you do not especially have lots of money, do not voice controversial opinions and are generally not very active online,” he adds.

“One has to understand that being and expressing yourself online is not exactly a private endeavour, comments Vladislav Tushkanov, privacy expert at Kaspersky. “It is more like shouting on a crowded street and you never know who might come your way, disagree with you and how they might react. With this, comes risks,” 

See also