Researchers at Whizcase gathered a year’s worth of data about stolen accounts from January 2022 through 2023. “The account values show several effects of supply and demand,” Whizcase said. “And the fact that no one is safe from cybercrime.” Researchers noted that by far, “the most abundantly available accounts were that of social media.” LinkedIn, Facebook, Discord, Instagram, and several other platforms’ hacked accounts were up for sale on the dark web, with prices ranging from $6 up to $45. Dark web payments are typically made with Bitcoin or other hard-to-track cryptocurrencies. Hacked account packages are also available, as is the ability to buy retweets and likes, Whizcase said.
Social Media, Entertainment, and Communication Accounts for Sale
According to Whizcase’s report, there are various types of accounts for sale on the dark web right now. LinkedIn and Gmail accounts top out the list in terms of price, at $45 each. “This is not surprising, considering that this platform caters to a professionally minded audience,” Whiscase said of LinkedIn. A hacked Gmail account is equally as expensive as LinkedIn because “most businesses use Gmail daily,” Whizcase added. Following these, a Facebook account goes for about $14, while a WhatsApp account costs $18 on average. Furthermore, Discord and Instagram accounts sell for $12 each on average, while TikTok, Reddit, Telegram, and Signal accounts can be had for between $6 and $8. A hacked Twitter account costs $10. Other hacked entertainment accounts such as SoundCloud, Spotify, Netflix, and Apple music go for between $6 and $15, Whizcase said.
Hacked Account Packages Available for a Set Price
What’s more, dark web markets offer a package deal where, for $127, “one can buy a hacked account from all major social media networks.” Such a package includes; LinkedIn, Facebook, Discord, Instagram, Snapchat, Twitter, Pinterest, Tiktok, and Reddit accounts. Cybercriminals most often obtain these stolen accounts via successful email phishing campaigns that compromise users’ credentials. Passwords are also regularly targeted by hackers, especially considering the most common passwords in 2022 were “password” and “123456.” From there, hackers can exploit this to hack into users’ financial accounts since they are often linked, Whizcase said. Users can then be locked out of their accounts and need to cancel bank cards entirely to avoid fraudulent charges. “This can potentially allow cybercriminals to use these accounts to reset passwords their original owners used to sign up for various services. This could include financial and payment accounts as well,” Whizcase said.
Social Media Engagement Manipulation Services
On top of stolen social media, entertainment, and communications accounts, dark web marketplaces also offer social media engagement services. Services include Twitter retweets, Twitch and Instagram followers, and Instagram and Facebook likes. These services range from $25 for 1,000 Twitter retweets to just $6 to boost Instagram followers, respectively. “The advantage of this versus setting up direct bot accounts is that the hacked accounts originally belonged to real people, meaning that the manipulation campaigns will be much harder to detect by social media networks,” Whizcase added. It is also possible to choose which country likes or retweets originate from for a few extra dollars, Whizcase said.
Security Recommendations
Insufficient practices, like using the same password across multiple accounts, not using multifactor authentication, or improperly engaging with a phishing email, could lead to financial losses and identity theft. Although law enforcement is always working on shutting down dark web marketplaces where hacked accounts and various other illegal data are sold, new marketplaces seem to crop up quickly thereafter. It is undeniably difficult to stop online criminal activity. Therefore it’s essential that online users practice proper cyber hygiene to keep their social, entertainment, and communication accounts more secure. The first step is to create secure, impossible-to-guess passwords and be aware of phishing scams. For a step-by-step guide on how to strengthen your personal cybersecurity, check out our essential cyber hygiene guide.