On the dark web, stolen identities sold for shockingly low amounts
(KUTV) — Hack after hack.
Data breach after data breach.
Criminals want your identity and they will stop at next-to-nothing to get it.
But despite the brazen hacks and attacks, a Get Gephardt investigation finds that your identity isn't actually worth very much at all.
With the help of FBI Supervisory Special Agent Jeffrey Collins, we went shopping inside the dark web.
Collins pulled up a website on which someone was offering to sell a Wells Fargo name, password and account balance for about $1.00. Other examples show similarly low amounts for private information.
When folks think of identity theft, they likely think credit cards or social security numbers. It goes a lot deeper than that.
Pretty much everything is available on the dark web, Collins says.
For sale we found everything from bank accounts, social security numbers, passports and driver's licenses to log-ins for people's email addresses, Netflix and Comcast accounts and Air BandB credentials.
“I view it as sort of the Amazon of elicit goods," said Collins.
Like Amazon, dark web sellers actually get reviews and star ratings on some websites.
An in-depth investigation by the website Top10VPN shows just how little your identity is actually worth in the marketplace. For example, they found gmail or yahoo logins going for about $1.00. Driver’s licenses or ID cards sell for about $29.00. Credit card details average about $50.00.
What's worse, Collins paints a bleak picture of how likely it is that your information has been compromised.
“We like to say, it's either the ones that know they've been hacked or don't and will soon enough," he said.
To protect yourself, Collins says it’s important to have strong passwords and to make sure that the passwords are unique for every website you log in to. If somebody buys your bank account password, and it’s the same password that you use for everything, then that crook may be able to get in.
But, the absolute BEST way to protect your self, Collins says, is with two-factor identification. A lot of websites offer it. It usually works by asking you your username and password, and then sends a text message to your cell phone with a random PIN that you have to enter before you can log in.