Why Your Social Security Number Isn’t as Valuable as Your Login Credentials

• While your Social Security number (SSN) is still a valuable piece of information to identity thieves, it is not as valuable as login credentials.
• According to Privacy Affair’s Dark Web Price Index, the current cost of a SSN on the dark web is $2. However, Digital Shadows reports that the price for an email administrator’s login credentials is as high as $120,000.
• Stolen login credentials are increasingly the cause of data breaches as well as the information sought. The recent Colonial Pipeline cyberattack was due to a compromised password in a system without multifactor authentication. Also, 8.4 billion passwords, which have presumably been combined from previous data leaks and breaches, were recently posted in a hacker forum.
• Identity thieves want login credentials because they can automate cyberattacks or commit scams that require less effort and have a higher payout. It’s why good cyber-hygiene practices like using multifactor authentication, unique passphrases and secure connections have never been more critical.
• To learn more, or if you believe your login credentials were stolen, contact the ITRC. You can find our latest resources on the company website. You can also speak to an advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

When people think about their Social Security number (SSN), they may think of it as a valuable piece of personally identifiable information (PII). In fact, one of the most popular resources on the Identity Theft Resource Center’s (ITRC) website is our SSN FAQ. However, your SSN is not as valuable to an identity thief as you might think. The same cannot be said about login credentials.  

The Cost of a Social Security Number on the Dark Web 

According to Privacy Affair’s Dark Web Price Index, right now, the cost of an SSN on the dark web is $2. It is still very important people protect their SSNs. A stolen SSN can put people at risk of many different forms of identity theft. With that said, it’s not necessarily what the criminals are after. 

The Cost of Login Credentials on the Dark Web 

Digital Shadows reports that the price for an email administrator’s login credentials is as high as $120,000. According to Privacy Affairs, hacked emails and social media accounts are also a lot more expensive than SSN’s on the dark web as of May 2021. 

• A hacked Gmail account is $80. 
• A hacked Facebook account is $65. 
• A hacked Instagram account is $45. 
• A hacked Twitter account is $35. 

Login Credentials are the Cause of Some Cyberattacks 

Increasingly, data breaches are also related to credential theft. According to Bloomberg, the Colonial Pipeline cyberattack that led to gasoline shortages on the East Coast was due to a compromised password in a system that did not have multifactor authentication. Cybernews recently reported that a file with 8.4 billion passwords, which have presumably been combined from previous data leaks and breaches, was posted on a hacker forum. 

More than 15 billion login credentials are available for sale at any given time in underground identity markets. Consumers also willingly share them as part of phishing attacks and spoofed websites. Cybercriminals use automated tools that can attempt to access 500 accounts per second using stolen logins and passwords. According to Akamai’s new ” State of the Internet ” report, there were 193 billion failed attempts to gain access to targeted users’ accounts using stolen or reused login credentials in 2020. The number of login attempts using login credentials increased more than 310 percent, from 47 billion in 2019. 

Why Login Credentials are So Valuable 

Identity thieves want login credentials. They make more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. Cyberattacks that require logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams require less effort. They are also largely automated, meaning the risk of getting caught is lower, and the payouts are much higher than taking over an individuals’ account. The average ransomware payouts for all businesses have grown from less than $10,000 in Q3 2018 to more than $300,000 per event by the end of Q1 2021. Large enterprises are making average ransomware payments of more than $1 million. BEC scams cost businesses more than $1.8 billion in 2020, according to the FBI.  

What You Can Do to Protect Yourself 

It remains crucial that people continue to protect their PII, like their SSN, to reduce their risk of identity crimes. However, with cybercriminals shifting their tactics, good cyber-hygiene habits are more important now than ever.

• Use multifactor authentication on all accounts. It provides an extra layer of security by requiring at least two separate verification steps to log into an account. Use an authentication application if possible instead of a text or email. 
• Connect to secure networks with a VPN to keep outsiders out. This practice will prevent hackers, identity thieves, spammers and even advertisers from seeing online activity. With that said, make sure you keep the VPN software up-to-date to avoid the VPN becoming another avenue of attack. 
• Keep the software on all your devices up-to-date. Anti-virus is designed to protect your devices from potential attacks by detecting and removing software viruses and other malicious software. Keeping applications on your phone, tablet, computer and smart devices up-to-date are equally important. Enable “automatic updates” to ensure security patches and software updates are automatically applied. 
• Use a unique passphrase on all of your accounts. A 12+ character passphrase is easier to remember and harder to crack. Using a different one on each account will also prevent credential stuffing because hackers will not be able to gain access to multiple accounts with a single password.  

Contact the ITRC 

If you have more questions about login credentials or believe your login credentials were stolen, contact the ITRC. You can find the latest news and resources on our website. You can also speak with an advisor toll-free by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.