Report: Pandemic caused significant shift in buyer appetite in the dark web

Report: Pandemic caused significant shift in buyer appetite in the dark web

Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods on high demand in the dark web, aka the Internet’s underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a full 180-degree turn—including the criminal world.

Almost everything we do is not how we used to do it before, and this is true for public and private individuals, organizations, and governments. And it’s certainly true within the dark web.

According to a recent report by, the most valuable data currently being peddled within the dark web are from services that bring about a little ease, relaxation, entertainment, and, admittedly, a little sanity for people sheltering in place.

Here are the findings

It’s no surprise to see a population on lockdown spending more time online than they normally would. And with nothing more important to do than keeping the house tidy, many have been busy binging on TV shows and movies, getting groceries delivered, and investing in mental health or learning something new. Because of this shift, data on these accounts fetches a high price tag on the dark web.

Data related to 72 percent of entries in the above table are noted as “New Item,” which means that they were never traded last year, and yet, they command the highest price tags in the underground market today. This not only gives us an idea of how profound the shift is in the dark web, but also solidifies what we already know: cybercriminals follow the money. And if these sources happen to be low hanging fruits, even better.

Other data types continue to be on high demand during the pandemic. Below is a shortened list of items for sale on the dark web and how much they are worth on average.

More data on the dark web

  • Whether the world is in the middle of a pandemic or not, details related to plastic cards, such as debit and credit cards, and banking credentials remain sought after commodities. It is, after all, practically effortless to pull off a heist when you use someone’s stolen credentials to open their account and empty it.
  • Underground vendors were also seen selling a fraud bundle, which comprises of hacked debit card data, cryptocurrency accounts, and SIM cards. This allows criminal buyers to SIM jack accounts and syphon money to crypto accounts. Such a bundle is sold for the maximum price of $4,600.
  • Fraudsters kept their eyes on SMBs and consumers as they continue to sell details for Cash App (at $47) and Venmo ($14).
  • The price of hacked Verizon accounts ($102.50) is noted to have increased ten-fold as they are now being bundled to include customers’ personally identifiable information (PII), such as social security numbers (SSNs) and dates of birth. Not only can buyers use these accounts for personal use, they can use real-world data about someone to pose as them or create new, synthetic identities.
  • The lack of air travel during the pandemic had forced some people to settle for the next best thing to a vacation: a staycation. And Airbnb offers the perfect service for this. Airbnb accounts are now more prized than ever. Now valuing $13.50, these accounts can be used to create fake listings or as part of a bigger phishing campaign.
  • Hacked accounts from health and wellness services like Peloton, Headspace, and Fitbit (all sold for $7) are used for identity theft and potential house burglary using GPS location data.
  • It’s interesting to note that Facebook continues to be the social media platform of choice for cybercriminals. With hacked accounts now valued at $7.79, the platform is still a potent avenue to find and reach targets for various social engineering campaigns. It’s likely that its value will increase as election day draws near.
  • Scammers love entertainment services as much as we do, so it’s no surprise for them to start asking for stolen accounts for Netflix (sold at $6), Disney+ (sold at $7), YouTube Premium (sold at $7.50), and Spotify (sold at $3.50).
  • Hacked student emails (sold at $6) are hot, presumably because of the “.edu” domain that goes with it. For a targeted campaign, this would be more useful as it brings legitimacy to the content of the email and the purported sender.
  • Perhaps what the security community should keep an eye out for are accounts related to new content platforms, OnlyFans (sold at $16) and MasterClass (sold at $6). It is still unclear why such accounts are in high demand and how they are used to commit crime.

Some points to ponder

Because there is an abundance of new hacked data being peddled in the underground, one might wonder if this is just because of the pandemic, and that such goods would eventually decrease their value—if not kill the market entirely—once a vaccine is found and life goes back to normal. So, we asked Simon Migliano, Head of Research at, and he thought that these accounts will continue to sell.

“The reality is that even if people do stop using services such as Instacart or Peloton as they return to picking up their own groceries or going to the gym, it’s unlikely that they will completely delete their accounts when they cancel their subscriptions,” Migliano said, “This abandonment of unused accounts is an aspect of consumer behavior online commonly exploited by cybercriminals to harvest personal data.”

Migliano also asserted that, if not for the pandemic, these peddled goods would have looked quite different. “Had there not been a pandemic, we would have seen many more travel brand accounts credentials for sale, such as for Uber, Expedia and JetBlue. I would also have expected to see a much greater range of online retail beyond Amazon and big box stores like Walmart.”

Time to wise up on cybersecurity best practices

If you, dear reader, are worried about the data found for sale on the dark web or have accounts on any of these sites and services, it’s a good idea to start taking computer security hygiene seriously. If you’re not sure where to begin, here are some quick and helpful tips:

  • Use a password manager. They help hold multiple strings of account passwords that our memories cannot, plus encrypt and sometimes periodically change those passwords to keep them away from prying criminal eyes. Another option is to use a hardware authentication device or a hardware security key, and there are a lot of them in the market for you to check out.
  • Always have two-factor authentication (2FA) enabled on all your accounts.
  • Spring clean online accounts you don’t use or rarely use. Much like what we do with the apps we install on our phones but never got around to using them until they were forgotten, we should also make it a point to check for possible accounts you own and delete them if you haven’t used them for months or years. It’s a bit of a chore, yes, but like forgotten apps, these accounts could be unlocked doors just waiting for cybercriminals to open.
  • Keep an eye out for notifications of account breaches. Some of the services we use are responsible enough to let us know when something has gone wrong. But there are also services that neglect this important step. If you’re unsure whether your account for a certain service has been compromised, try visiting and sending a query to Have I Been Pwned.
  • Update software on all devices you use.
  • Install software that can protect you from malware and harmful sites.

Now is as good a time as any always to start making a habit of practicing effective security methods, whether you are still sheltering at home or have ventured out into the world. Equip yourself with knowledge and common sense online behaviors, and you can protect against threats from the dark web or anywhere else.

Stay safe!