Cybercriminals selling UAE personal data on dark web, making millions: Study

Published: Updated:
Read Mode
100% Font Size
5 min read

A new study by cybersecurity company NordVPN has analyzed one of the dark web markets that has illegally sold $17.3 million worth of personal data – with the research showing UAE’s payment card data is the fifth most expensive globally, costing twice as much as the world’s average.

Among the more than 720,000 items of data sold globally on the website, passports, personal IDs, driving licenses, email, payment card data, mobile phone numbers, online accounts, bank account logins, and crypto accounts are included as well as other personal data.

For all the latest headlines follow our Google News channel online or via the app.

Once an individual's data are put up for sale on the dark web, it is incredibly difficult to get them removed. Most people have no idea that their data are being sold in this way until it's too late. This is why data breaches can be so dangerous, according to Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

“This one market is just the tip of an iceberg,” he said. “There are over 30,000 websites on the dark web at the moment. Keep in mind that only four percent of the entire internet belongs to the surface web that is available to any user online.”

He added, “The market that was analyzed in our case study was chosen because it was used by some big hacker groups in the past.”

The study was conducted in partnership with third-party cybersecurity researchers with an aim to warn users about the possible dangers of illegal activities people take part in on the dark web.

Average prices of found UAE items and data

It found payment card data from the UAE cost about $20, twice as much as the world’s average ($10) and is the fifth most expensive in the world. UAE payment cards are so expensive because of the country's image as a financial center, said Warmenhoven.

Many hackers believe that if they can hack UAE cards - they can steal a lot of money, he said.

Other data that could be guessed were sold at much lower prices. United Arab Emirates mobile phones are sold at $10. Another easy way for hackers to steal a user’s data or digital asset is credential stuffing (when the leaked password or email is used to get access to other platforms).

That is why online accounts come at a low price: a hacked Netflix account can be bought for a little over $10, an Uber account for about $12, and a Twitter account for as little as $2.

Crypto wallets and investment accounts cost more than payment processing accounts and even more than some of the bank accounts. For example, Qatar National Bank account can be bought for as little as $10. With an average price of $394, the most expensive crypto account data is from Binance, followed by Kraken ($383). Payment processing accounts (e.g., PayPal) have an average price of $100.

Some criminals also buy emails in batches and use them for phishing attacks or other malicious purposes.

“The broad scope of the data offered on these criminal markets shows the importance of taking charge of your security and privacy online,” said Warmenhoven. “Your cybersecurity is in your hands.”

He added, “If you know the risks and equip yourself with the right tools and information, you’ll maximize your chances of keeping yourself and your family secure.”

Stay vigilant

Warmenhoven also said hackers get lots of data by targeting the websites and services you share your data with.

If a site or a service asks you for sensitive data, ask tough questions about how the company secures it and what it will do if its data is breached.

Warmenhoven said resident should also educate themselves.

“You can do a lot individually to protect your data. This will depend vastly on where you spend your time online, but you can be proactive and research ways to stay safe on the devices and services you use.”

One side of the coin is knowing how to protect your data, said Warmenhoven, and the other is knowing how to react quickly and effectively when your sensitive data is used without your permission.

“Request weekly bank statements or activate transaction notifications on your app. Turn on the security settings for all of your accounts so you know when login attempts are made from suspicious devices.”

Read more:

Cybercrime experts warn UAE residents to not fall foul of blackmailing scams

Dubai sets up money laundering court to ‘strengthen integrity of financial system’

Cyber security attacks must be top priority for firms in Gulf

Top Content Trending