Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.
Apple is losing value
Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers, “the most appealing targets” for scammers.
The latest edition of Top10VPN’s Dark Web Market Price Index claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.
Bank details remain the most sought items on the Dark Web. These are changing hands at over $450 per account. Best Buy accounts will set you back around $27, the report claims.
Supply and demand would suggest that if the value of an Apple ID has fallen then the market must be saturated with that information.
I don’t believe that to be the case. In the absence of any reported major attacks on Apple users, I see news that the value of a hacked Apple ID has declined as suggesting that Apple’s security protections and increasing vigilance on the part of its customers means the accounts are better protected.
Apple’s effective (if at times annoying) two-factor authentication systems, which it made mandatory for use by iOS 11 and macOS High Sierra users in September 2017 may have helped this along. Other less well-protected services look immediately more valuable as a result.
How much are you worth?
Here are a few examples of typical prices based in information sourced from across five of the most popular Dark Web markets:
- Debit card details: $250.
- Passport: $18.50.
- Amazon account: $30.
- Home Depot: $5.
- Uber: $11.22.
- Expedia: $10.
- Skype: $1.25.
- Facebook: $9.12.
- Twitter: $2.02.
Researcher Simon Migliano notes that values in the market for stolen ID fluctuates just like the cost of products in any other market:
“Last year’s serious security breaches involving Facebook and Best Buy customers led to vast quantities of personal data flooding these black-market sites. The high-profile nature of these hacks has also created quite the appetite for these stolen account details, meaning that prices have notably jumped since last year too.”
How can you tell if any of your services have been hacked?
What are scammers doing with these accounts?
Sometimes they just want to take an Uber on your coin, while others seek to use access to these accounts as a stepping stone to break into any other services you might use.
It’s hard to be certain if the account security of any of the services you use have been hacked, but the Have I Been Pwned service is a useful way to find out if your email is associated with any known hacks.
You can also use the existing checks built-into your existing services, for example:
If you use Gmail, you should log-in to your account online and choose Last Account Activity at the bottom right of the Gmail interface.
This will show you a list of all the different devices and IP addresses that have logged into your Gmail account. If you see an anomalies, you should tap Sign out all other web sessions and then change your password. It’s a bit of a chore as you’ll need to input it into all your other devices, but it’s honestly for the best.
You should also use the account security dashboard to review any applications with permission to access your account, disable the ones you don’t need, use or recognize.
Here are links to other security pages for popular email services.
Obviously, in the event you find your service has been hacked then you should immediately change the password you have been using.
I’ve also put together several reports to help readers stay safe online, including:
Stay safe out there.