How do hackers make money? How much is your data worth?
Many individuals neglect the need to follow proper data management practices because they have nothing to hide.
However, contrary to a common belief, hackers target not only corporations. Regular internet users are on the radar too.
How do hackers make money? Why and how can unprotected data bring profit to a cybercriminal?
How do hackers make money ?
There are multiple ways hackers earn money targeting both individual users and businesses.
The estimates show that over 2,200 cyberattacks happen daily. That means one cyberattack targets its victim every 39 seconds.
The primary strategy to earn money as a hacker is to steal sensitive data, sell it or require someone to pay for it. For example, once a cybercriminal leaks the company’s customers’ database, he would usually upload it to the dark web or hackers’ forums for sale.
Yet, depending on the cybercrime, the attacker might also request the victim to pay the ransom. Statistically, at least 70% of people would pay money to get their devices and systems unlocked. And that might cost $1077 on average.
In an enterprise, the price of ransom has no limits. It can even reach as much as $4.5 million.
How do hackers obtain sensitive data?
How do hackers steal, leak, or obtain the data for selling in the first place?
Although there are countless ways a cybercriminal can acquire data, here are the most common methods that any business or individual should be aware of:
Phishing
Hackers make money by using social engineering techniques. Phishing, the most common one, includes impersonating a legitimate organization (such as a bank) to obtain personal information: username, email address, password, or even credit card information.
Exploited security vulnerabilities
However, not always the user is to blame. If big corporations have security vulnerabilities in their system, there are high chances professional hackers will find them. As a result, such huge players as LinkedIn get 700 million users’ data leaked; Yahoo – 3 billion.
Credential stuffing and brute force
Last, hackers make money by successfully exploiting poor password creation and management practices. Precisely, passwords are the reason behind 81% of company data breaches.
Every weak, easy-to-guess password is highly prone to brute force attack. The hacker tries every possible combination of username and password until he cracks the account. If your username is admin and your password is 12345678, most likely, the attack will succeed.
Similarly, if you reuse your passwords on multiple platforms, you are especially prone to credential stuffing attacks. As discussed, after a massive data leak, your login details are dumped on the dark web forum. By buying an entire database, the cybercriminal tries out your leaked login data on other platforms. If you reused your password, the access is almost granted.
How much is your data worth on the dark web?
Not all types of data are identically valuable. Depending on the sensitivity of the account, the financial worth differs.
- The credit card number, CVV, name, and expiration date are worth $17.36 on average.
- The price for PayPal account data fluctuates between $5 and $1,767.
- Hacked social media accounts (Facebook, Twitter, Gmail, Instagram, etc.) are worth $35 to $80.
- eBay account with 1000+ reviews can cost as much as $1000.
- The price for a hacked crypto account starts from $300.
Each sensitive account you possess is an attractive way for hackers to make money. Therefore, even if you have nothing to hide, your data is still worthy for someone.
How to protect sensitive data?
Hackers make money by finding ways to steal sensitive data. Here are a few crucial tips on how you can limit those ways and hence protect your accounts:
- If your account was leaked during a data breach, change the password immediately.
- For each platform, use a unique, strong password. Ideally, it should be randomly generated and consist of at least 15 characters, capital letters, numbers, and special symbols.
- Never reuse the same username (or email address) and password on two or more accounts.
- Never send your passwords in plain text (f.e., in chats, emails).
- Do not store your credentials in a plain text file (f.e., notes, google sheets, etc.)
- Use a password manager to store and share unique passwords within an encrypted vault.
- Never reveal your sensitive data to anyone if you do not trust the person.
Hackers make money by exploiting (too common) cybersecurity mistakes individuals and businesses make. Start following the steps today so that your sensitive data is never sold online.