How Hackers Monetize Stolen Data

With the rapid development in technology and cyber-security, it’s a given that cyber-criminals also had to diversify their repertoire. They are called hackers, and they steal information from users like you and me.

After that, they sell it to the highest bidder on the black market. The data breach can be patched up if noticed in time, but the leak has already allowed the hacker to extract valuable personal information.

These cases have been on the rise for some time now, with even popular companies falling prey to cyber-attacks and data theft. Big corporations, pharmaceutical companies, unlucky individuals, everyone can become a target.

This is why I think it’s worth it to know where the stolen data eventually ends up. After putting in so much effort to steal it, what do hackers do with it, and how do they sell it?

First things first, the hacker must make an inventory of all the information he’s stolen. He’ll stack up names, addresses, email addresses, phone numbers, financial information like credit card details. These can be used later on for another breach or sold off for a profit.

Security researchers say that this type of information is sold in bulk for greater profits. Theoretically, the more recent the records are, the more money they’ll fetch on the black market.

Generally, this is the type of data a hacker will be looking for:

  • Account credentials – this includes usernames and passwords. They can be used for phishing purposes, for illegal insurance claims, spamming or extortion jobs. It all depends on what kind of account it is. Military or government credentials are extremely valuable by themselves.

  • Healthcare details – hospital admissions, records of known medical issues, insurance information, and general hospital records can give a hacker enough leverage to pull off a fraudulent insurance claim. A lot of people have even received fake hospital bills requiring them to pay for services they hadn’t requested.

The US federal government estimates that no less than 10% of the money sent towards the Medicare program is lost to fraud. Security professionals reported this year that one medical record was sold off for $250 on the black market.

Hackers can even establish fake medical practices and come up with false claims and insurances based on the stolen information. After all, how hard can it be to send bills with small amounts to elderly people which they assume they have to pay?

  • Educational information – school records, enrollment data, and student transcripts can be used for identity fraud. Blackmail and fake loan applications are possible as well.

  • Financial data – related to banking, insurance activities and billing which can be used for unauthorized payments, money transfers, identity fraud, and loan applications. Moreover, if a hacker manages to get a hold of all the information, they can even withdraw money directly from a victim’s bank account.

  • Payment card information – the owner’s name, card number, the expiration date as well as the CVV2 code are enough for a hacker to easily make fraudulent online purchases. When this kind of data is sold off on the black market, the repercussions are exponentially greater than with the theft of financial data.

Monetizing the stolen data on the black market

Trend Micro, one of the world leaders in security software, showed what profits hackers get for certain types of data:

  • Diplomas are worth up to $400

  • Credit or debit card information is worth up to $110. McAfee said that a credit card with a CVV2 code on the back is worth between $5 and $8, but if it has the bank’s ID number, it can go up to $15. If it has the full information, it can go over $100 as well.

  • Passports can go up to $2000

  • Medical records are worth up to $1000

  • Online payment account credentials are sold at about $200

You can even find premium bundles being sold on the black market. These contain a victim’s name, address, age, birth date, Social Security number, medical information or financial information, and so on. The package is sold off for a much higher price, depending on how complete the profile is.

However, the good news is that most victims will take notice of their data being stolen and take the necessary steps to render it useless. If the hacker waits for too long, the credentials will become worthless.

In order to prevent or counter these risks, you should take the appropriate measures immediately:

  • Notify your bank if your account details have been stolen. Change your PIN code and freeze all your financial transactions

  • Never click on suspicious links, and never download materials from unknown sources

  • Pay close attention to any suspicious emails you receive. Hackers can easily pose as bank representatives and ask for your credentials. As a golden rule, remember that banks will never ask for your PIN code or home-banking information.


In the end, you have to be extremely careful and prepare yourself accordingly before using the internet. There are too many ways a hacker can get your personal information, usernames, and passwords, which he can then use to access your PayPal or banking accounts.

What’s more, IT specialists have said that people tend to reuse passwords, which solves the mystery of a cyber-criminal managing to break into your bank account after stealing your Facebook password, for example.

As for the stolen data, the black markets and the underground hubs are the gathering place of all the merry cyber-criminals who want to gain a profit. While some of these places are already kept under strict surveillance, the transactions are becoming harder and harder to control and predict.

As always, in order to avoid such unfortunate incidents, precaution is golden.

Written by Bogdan Patru, cybercrime analyst at VPNTeacher, a website dedicated to keeping you informed on cybersecurity and privacy issues.
