The Hidden Data Economy: How Cybercriminals Turn Stolen Information Into Cash.

In the digital economy, data is an expensive commodity with huge demand. Subscription information and other personal data are becoming increasingly valuable, and as this value grows, so does the business in stolen data.

The market for selling stolen data has evolved; buying stolen data is now much simpler than most people realise. Within such illegal transactions, there is no regulation or customer service. For this reason, scams are rife. However, as the market evolves, some sellers attempt to build rapport with their clientele; McAfee Labs found one vendor offering replacement policies and social validation via customer feedback. Some sellers are even employing professional marketing efforts such as YouTube videos. The report focuses on four main types of stolen data available:

  1. Financial Data

In the US, a buyer can acquire complete card details for approximately $30, or buy details such as the Bank ID individually. Factors such as geographic source and available balance affect the price of the information.

Online payment service accounts are even more commonplace than card details. The price of online payment account details is influenced only by the balance: an account holding $400-$1,000 costs $20-$50, whereas one with a $5,000-$8,000 balance costs $200-$300 (all approximate).

  2. Login Access

Data that allows access to an organization's systems and networks is also available. This can take the form of direct access (login details) or of vulnerabilities in security. Cybercrime expert Idan Aharoni outlines in his article “SCADA Systems Offered for Sale in the Underground Economy” that criminals now sell access to critical infrastructure systems. His investigation found a photo of a French hydroelectric generator that one cybercriminal gained access to.

  3. Online Services

The last few years have seen a vast increase in subscriptions to online services, such as music, video, and more. Demand for stolen access to these services has grown equally. Potential consequences for the owner of such a stolen account include cancellation or blocking of the account and monetary loss. Alternatively, sellers offer bundles of established auction identities with good histories (thus covering up the bad business practices or frauds of the illegal user).

  4. Identities

Stolen personal identities are available to buy. Such identities are usually bundles that include both personal and digital data, even images. There is also a similar marketplace for stolen medical information. McAfee Labs also reported instances in which stolen data and medical information were leaked for free because the service that was hacked would not pay a ransom fee.


Opportunistic cybercriminals are nothing new, but their demand is now higher than ever. As cybercrime has evolved over the years, McAfee Labs has always stayed one step ahead, publishing reports such as Cybercrime Exposed and Digital Laundry. These 2013 reports focused on the simplicity of a cybercriminal attack. But why care? When banks take responsibility for misused credit cards, reimburse lost money and replace your card, we may be annoyed by the hassle, but rarely do we care more than this.

In November 2015, McAfee Labs released its latest report, The Hidden Data Economy. The focus this time, however, is not the process of stealing information but the process of selling it afterwards. Hence the aim of The Hidden Data Economy is to raise awareness; McAfee Labs believes that as a society we must be concerned about successful breaches, and as individuals we must take measures to prevent them.