Your entire ID is worth £820 to crooks on dark web black market

Fullz and their money are soon parted

By John Leyden


Fraudsters operating on the dark web could buy a person's entire identity ("fullz" in the cybercrook lingo) for just £820.

Bank account details, Airbnb profiles and even logins are worth money to bidders that reside on the murkier side of the internet, a study by virtual private network comparison site found.

While online bank details are currently worth around £168 to dark web bidders, and Paypal logins a higher price of about £280, passport details fetch as little as £40. Hacked web accounts – such as access to your profile, Facebook and even Deliveroo – give criminals a backdoor into identity theft for less than a fiver.

Even eBay accounts with their broad scope for fraud fetch just £26 on the dark web. Compromised PayPal accounts are among the most widely traded items.

The average person has dozens of accounts that make up their online identity – all of which can be hacked and most of which can be sold on. reviewed tens of thousands of listings on three of the most popular dark web markets – Dream, Point and Wall Street Market – in putting together its Dark Web Market Price Index.

So you're thinking about becoming an illegal hacker – what's your business plan?


Communications services, such as Skype logins, are worth less than £10 despite their utility as a way of sending links to phishing sites or attempting other cons against the contacts of users of compromised accounts.

Even logins to dating sites like have some value, and tend to earn dark web sellers on average £2.24, because they offers criminals the opportunity to "catfish" potential matches, sparking up relationships to manipulate people for financial gain.

Despite the importance that some attach to social media, compromised Twitter and Instagram logins are among the least valuable on the dark web – even though they offer a useful backdoor to fraudsters planning to commit identity theft.

Simon Migliano, head of research at, said: "Some of the accounts we found for sale open the door to even more ingenious scams. A hacked Airbnb account, for example, could allow a scammer to pocket hundreds in booking fees or even stay at high-end properties as a guest and burgle the hosts. At less than £6 initial outlay, that's very appealing to a cybercriminal.

"Our research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money. This really underlines the importance of two-factor authentication and more generally secure use of websites and apps," he added. doesn't offer a view of whether dark market personal info prices are going up or down but security experts who keep tabs on assorted deep web malfeasance suspect the latter.

Raj Samani, chief scientist at McAfee, commented: "It seems like the prices are a little lower than when we wrote our paper in 2015. However, there are certainly more services on offer than before.

"Validity rates are not included so like-for-like comparisons are challenging." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Snail mail thieves feed international identity theft rings say Oz cops

A little bit of social engineering, a little bit of lax physical security and a whole lot of pain

Florida Man sues Verizon for $72m – for letting him commit identity theft

2017 is off to a flying start

ID theft in UK hits record high as crooks shift to more vulnerable targets

Less checked online services bear brunt

US taxmen pull plug on anti-identity-theft system used by identity thieves

That's not how this works, that's not how any of this works

Microsoft to pay new bounties for identity services holes

If ye can board Microsoft accounts, Azure AD or even OpenID without the skipper knowing, loot be your reward

Internet Society: Cryptocurrency probably not an identity system

ID on a blockchain? Maybe. ID on Bitcoin? Forget it

Ohi-D'oh! US prison hands inmates' SSNs over to... an identity thief

Convicted fraudster says he was given personal details in records requests

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager

Remote unauthenticated attack bug gets perfect CVSS score

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

$5/hr DDoS floods, $123 Gmail accounts, and so on

SAP gobbles customer identity management startup Gigya for $350m

Gets its mitts on juicy GDPR-friendly data security tech