While your Social Security number (SSN) is still a valuable piece of information to identity thieves, it is not as valuable as certain types of login credentials.
According to Privacy Affairs’ Dark Web Price Index, the current cost of an SSN on the dark web is $2. However, Digital Shadows reports that the price for an email administrator’s login credentials is as high as $120,000.
Stolen login credentials are increasingly the cause of data breaches as well as the information sought. The 2021 Colonial Pipeline cyberattack was due to a compromised password in a system without multifactor authentication. Also, 8.4 billion passwords, which have presumably been combined from previous data leaks and breaches, were posted in a hacker forum.
Identity thieves want login credentials because they can automate cyberattacks or commit scams that require less effort and have a higher payout. It’s why good cyber-hygiene practices like using multifactor authentication, unique passphrases and secure connections have never been more critical.
To learn more, you can find our latest resources on the company website. You can also speak to an advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.
When people think about their Social Security number (SSN), they may think of it as a valuable piece of personally identifiable information (PII). In fact, one of the most popular resources on the Identity Theft Resource Center’s (ITRC) website is our SSN FAQ. However, your SSN is not as valuable to an identity thief as you might think. The same cannot be said about login credentials.
The Cost of a Social Security Number on the Dark Web
According to Privacy Affairs’ Dark Web Price Index, right now, the cost of an SSN on the dark web is $2. It is still very important that people protect their SSNs. A stolen SSN can put people at risk of many different forms of identity theft. With that said, it’s not necessarily what the criminals are always after.
Tips to protect your SSN:
- Keep your Social Security card in a safe place and leave home without it.
- Only share your number if it is required.
- Create strong and unique passphrases on your accounts to keep identity criminals from accessing them and stealing your SSN.
- Safely store any documents with your SSN; shred them if you don’t need them anymore.
- Monitor your accounts; if someone steals your SSN, it could lead to new accounts being opened.
The Cost of Login Credentials on the Dark Web
Digital Shadows reports that the price for an email administrator’s login credentials is as high as $120,000. According to Privacy Affairs, hacked emails and social media accounts are also a lot more expensive than SSNs on the dark web as of May 2021.
- A hacked Gmail account is $80.
- A hacked Facebook account is $65.
- A hacked Instagram account is $45.
- A hacked Twitter account is $35.
Login Credentials are the Cause of Some Cyberattacks
Increasingly, data breaches are also related to credential theft. According to Bloomberg, the Colonial Pipeline cyberattack that led to gasoline shortages on the East Coast was due to a compromised password in a system that did not have multifactor authentication. Cybernews reported that a file with 8.4 billion passwords, which have presumably been combined from previous data leaks and breaches, was posted on a hacker forum.
More than 15 billion login credentials are available for sale at any given time in underground identity markets. Consumers also willingly share them as part of phishing attacks and spoofed websites. Cybercriminals use automated tools that can attempt to access 500 accounts per second using stolen logins and passwords. According to Akamai’s new State of the Internet report, there were 193 billion failed attempts to gain access to targeted users’ accounts using stolen or reused login credentials in 2020. The number of login attempts using login credentials increased more than 310 percent, from 47 billion in 2019.
Why Login Credentials are So Valuable
Identity thieves want login credentials. They make more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. Cyberattacks that require logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams require less effort. They are also largely automated, meaning the risk of getting caught is lower, and the payouts are much higher than taking over an individual’s account. The average ransomware payouts for all businesses have grown from less than $10,000 in Q3 2018 to more than $300,000 per event by the end of Q1 2021. Large enterprises are making average ransomware payments of more than $1 million. BEC scams cost businesses more than $1.8 billion in 2020, according to the FBI.
What You Can Do to Protect Yourself
It remains crucial that people continue to protect their PII, like their SSN, to reduce their risk of identity crimes. However, with cybercriminals shifting their tactics, good cyber-hygiene habits are more important now than ever.
- Use multifactor authentication on all accounts. It provides an extra layer of security by requiring at least two separate verification steps to log into an account. Use an authentication application if possible instead of a text or email.
- Connect to secure networks with a VPN to keep outsiders out. This practice will prevent hackers, identity thieves, spammers and even advertisers from seeing online activity. With that said, make sure you keep the VPN software up-to-date to avoid the VPN becoming another avenue of attack.
- Keep the software on all your devices up-to-date. Anti-virus is designed to protect your devices from potential attacks by detecting and removing software viruses and other malicious software. Keeping applications on your phone, tablet, computer and smart devices up-to-date is equally important. Enable “automatic updates” to ensure security patches and software updates are automatically applied.
- Use a unique passphrase on all of your accounts. A 12+ character passphrase is easier to remember and harder to crack. Using a different one on each account will also prevent credential stuffing because hackers will not be able to gain access to multiple accounts with a single password.
This article originally appeared on www.idtheftcenter.org. Sontiq is a proud supporter of the Identity Theft Resource Center nonprofit.