The sad truth about how much your Facebook data is worth on the dark web

Were you impacted by Cambridge Analytica’s misuse of Facebook   data?

Facebook made agreements with at least 60 makers of phones and other devices that gave them access to the personal information of users’ friends without their consent, The New York Times reported Monday, citing company officials.

Facebook said in a blog post that device makers it partnered with “signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences.” Facebook also said partners like Apple   and Amazon  couldn’t “integrate the user’s Facebook features with their devices without the user’s permission.”

Cambridge Analytica improperly accessed 87 million Facebook users’ data, the social-media company acknowledged earlier this year. In the aftermath of that scandal, all 2.2 billion Facebook users received a message on Facebook called “Protecting Your Information,” laying which third-party apps have access to your individual Facebook profile.

There’s a depressing aspect of many recent privacy violations: The most important parts of your identity can be sold online for just a few dollars.

Consumers have to spend hours of their time — and, sometimes, their own money — when they find out their driver’s license, Facebook “likes” or Social Security number have been exposed to hackers. But those who sell them are making only petty cash.

That’s according to a new report from the content marketing agency Fractl, which analyzed all the fraud-related listings on three large “dark web” marketplaces — Dream, Point and Wall Street Market — over several days last month.

The “dark web” is part of the internet that people can only access by using special software. To create this report, Fractl accessed the dark web through the browser Tor. People buy other risky or illegal substances on the dark web, including drugs, pirated content like movies or music and materials that help with scams, including credit-card “skimmers.”

Facebook logins can be sold for $5.20 each because they allow criminals to have access to personal data that could potentially let them hack into more of an individual’s accounts. The credentials to a PayPal   account with a relatively high balance can be sold on the dark web for $247 on average, the report found.

One’s entire online identity, including personal identification numbers and hacked financial accounts, can be sold for only about $1,200 on the dark web, Fractl found.

That’s because so much personal information may already available to hackers, after repeated data breaches across a range of industries. It comes down to supply and demand, said Adam Levin, the founder of the security firm CyberScout and the author of “Swiped.” Hackers want to grab personal information and sell it as fast as they can, so they can move on, he said.

“With 5.3 billion records released due to accidents and 2.6 billion records released due to hacking last year, personal information is becoming cheap,” said Rick McElroy, a security strategist at the security firm Carbon Black.

Wealthier individuals are more valuable to criminals, and those without money are worth less, said Al Pascual, a senior vice president and research director at the security firm Javelin. But the more information hackers have, the more valuable the data.

“A college student with not a lot of money in the bank might be worth $50,” Pascual said. “If you’re near retirement, with a fat retirement account and plenty of money in the bank, you’ll be worth more.”

Voter data are also vulnerable and valuable during election season, Pascual said. There are more attempts to compromise voter records in the run-up to elections, including attacks against registrars’ offices. Electronic voting machines can also be compromised, he said.

Type of account	Average price log-in goes for on dark web
PayPal	$247
Costco	$5
ASOS (clothing)	$2
Airbnb	$8
Uber	$7
T-Mobile	$10.51
DHL	$10.40
Facebook	$5.20
Gmail	$1
Grubhub	$9

Logins for food delivery websites such as Grubhub can be sold for about $9 because they allow criminals to fraudulently order expensive food and alcohol.

And a login for the lodging site Airbnb can be sold for about $8 because it opens up “a world of scams,” Fractl said. Fraudsters have changed hosts’ payment details to steal their earnings, or have been able to assume the identities of well-reviewed guests in order to book their own stays. Airbnb has updated its security measures in the last year to combat fraud.

Consumers should always use two-factor authentication when possible, such as a password and a security question or a biometric login like a fingerprint, Pascual said. Amazon often asks consumers to re-enter their payment information when they are asking to ship to an unfamiliar address, he said.

Payment companies are coming up with their own strategies to combat online fraud. Capital One   recently introduced virtual, temporary credit card numbers that consumers can use at just one retailer and then delete.

Pascual also recommended signing up for security alerts on every account that offers them, so consumers can keep track of transactions as they’re made in real time. “For better or worse, individuals have to be their own advocates for the security of their identity,” he said.