![[Illustrative] A man holds a laptop computer as cyber code is projected on him. (photo credit: KACPER PEMPEL/REUTERS)](https://images.jpost.com/image/upload/q_auto/c_fill,g_faces:center,h_537,w_822/460142 "[Illustrative] A man holds a laptop computer as cyber code is projected on him.")
The study examined the cost of bundles of personal info called "fullz," short for "full credentials," which contain names, birth dates, addresses, phone numbers, account numbers and other personal information used by criminals for identity fraud.
Israeli fullz are not the cheapest on the market, but also aren't the most expensive. The cheapest fullz are American identities, which on average sell for $8, while Japan, the UAE and Europe have the most expensive identities, averaging at $25.
The price of fullz can also be affected by the amount or type of information they include.
While credit cards are the most frequently stolen form of payment data on the dark web, PayPal accounts are worth more on average, ranging from $5 to $1,767.
Nearly two out of every three stolen credit cards are issued in the US, according to cybersecurity firm Sixgill. The second-largest source of stolen credit card data came from the UK.
The most valuable credit card data comes from the EU, averaging at $8 per card. Card worth is affected by the amount of info included in the sale, including names, CVV, postal code and expiration date.
The study found that the median credit limit on a stolen card is 24 times the price of the card on the dark web, while the median account balance of a hacked PayPal account is 32 times what a cybercriminal pays on the dark web, which may explain why PayPal accounts tend to be more expensive.
Dark web vendors tend to try and have a strong reputation and positive feedback, as customers will often pay a premium for goods and services they know they can rely on.
In an example presented by the study, a PayPal account was listed for $811, with the vendor promising that the balance would be 5,000 euros, give or take 200 euros, with a 48-hour replacement guarantee if the charges are disputed. Customers could request a date and time to receive the account and could even receive a number of accounts adding up to the promised amount if the promised amount was available in a single account.
The study comes after a series of large scale cyberattacks were reported in recent months around the world.
In Israel, the Shirbit insurance company, the Amital software company, Ben-Gurion University of the Negev and Israel Aerospace Industries were targeted by cyberattacks in recent months, with the full extent of the damage unclear in at least some of the cases.
In the Shirbit attack, thousands of documents containing personal information were leaked to the public by the hacker group Black Shadow. The group also threatened to sell collections of data they said they stole from Shirbit to competitors and foreign governments.
Despite the public leaks of thousands of documents, Shirbit has continued to insist that only a “relatively small” number of documents were leaked and that the decision not to pay the ransom the hackers demanded was not from "financial considerations, but rather for the good of the customers," according to Israeli media.
In December, customers of US software maker SolarWinds, including sensitive US government networks, were subjected to a global cyber-espionage campaign after a "backdoor" was used by hackers to compromise them. The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half a dozen federal agencies and potentially thousands of companies and other institutions. The full extent of the damage is still unclear.