Criminals are selling your stolen personal data for as little as $1 on the "dark web" and it's mainly your fault, a new report on Wednesday revealed.
The so-called dark web is a heavily encrypted part of the Internet that makes it difficult for authorities to detect the location or owners of a website. It is notorious for hosting marketplaces selling illegal items such as drugs.
Hackers responsible for data breaches at companies often put the information they have stolen on the dark web for others to buy and make use of for financial gain.
But interestingly, the price hackers are charging for personally identifiable information (PII) such as names, addresses, and social security numbers has actually come down because of an "oversupply…from numerous data breaches", cybersecurity firm Trend Micro said in a report on Tuesday.
"There's actually a big surplus of PII currently available in the cybercriminal underground. This has caused its price to drop significantly, from $4 last year to $1 this year," the study found.
Personal information is just one of many bits of information that can be bought on the dark web. Credit card details are also being sold in bulk to reduce the price. Trend Micro notes that there is no difference in price between different card brands like there was a year ago, again due to an "oversupply" from numerous data breaches.
Even log-in credentials for banks around the world are being sold but at very high prices between $200 and $500 per account. The larger the available balance of an account, the higher its selling price, Trend Micro notes.
The information that can be purchased on the dark web does not stop there. In fact, accounts for mobile phone operators in the U.S. can be bought for $14 per account, while PayPal and eBay accounts are sold for up to $300 each.
Even Uber accounts were being sold for around $1.15 each, though the company told CNBC it has recently put in measures to stop those stolen accounts being used.
And Trend Micro's "Dissecting Data Breaches and Debunking the Myths" report comes up with a surprising conclusion – the main reason for a data breach is mainly because of the device users rather than hackers.
Forty one percent of data breaches were down to a user losing their device or having it stolen compared to twenty five percent as a result of hacking and malware, the cybersecurity firm said.
"Companies may often overlook the kind of sensitive information stored on their employees' laptops, mobile devices, and even thumb drives. If any of these devices get lost, stolen, and are left unprotected, they become an easy way to steal data," Trend Micro's report said.
"This doesn't mean, though, that hacking and malware are not serious…Compared to device loss or theft—which can be mitigated through remote device wipe, the use of virtual infrastructure, and enforcement of stricter policies—hacking and attacks using malware are more planned and deliberate."