Cybercriminals are no longer really interested in stealing your credit card information.
Continue Reading Below
While a single credit card number once fetched $5 on the dark web, improved methods of detecting and fighting fraud have diminished that resale value to 50 cents, according to Justin Lie, founder and CEO of online fraud management company CashShield.
What’s selling on the black market now is account information. Consumers increasingly use their accounts to access platforms and perform tasks. Think of the mobile payment service Venmo and ride-hailing services, which are storing more data online and giving criminals unprecedented access in one fell swoop.
That bundle of information is valuable on the dark web, which made the Equifax hack so damaging. Not only were more than 147 million Americans compromised, but thieves could sell a package of interconnected personal data points to criminal buyers as opposed to a single piece of information.
Lie noted that cybercriminals will generally target whatever information will yield them the highest return.
The most valuable account information to criminals is Uber account data, which can sell for $30 each on the dark web, or 60 times what one’s credit card information goes for. The ride-hailing platform was breached in 2016, compromising the personal information of 57 million users.
There are more valuable accounts out there that could fetch up to $80 each on the dark web, Lie said, but these platforms have yet to be breached.
Last week, Under Armour announced that data from 150 million users was breached on its MyFitnessPal platform, a diet and nutrition tracking app that it acquired in 2015. According to the company, criminals accessed email addresses, account user names and passwords.
Over the weekend, Hudson’s Bay, which owns Saks Fifth Avenue and Lord & Taylor, confirmed that 5 million consumer credit cards were compromised at some of its U.S. retail locations.