Do hackers make money

Do hackers make money DEFAULT

How does a professional hacker make money in information security?

Professional Hacker.jpg

The national average for an ethical hacking job in the US is around $119,000. The lowest paying region is Minneapolis at around $97,000 while the highest is San Francisco where the average is $150,000. The point is that being a professional hacker is not only an interesting profession but it’s a very high paying one. In addition to a high salary there are many ways for a good hacker to make money outside of a normal job, which is good for people that want to make their own schedule or don’t want to be tied down to any one location. Here, I go over how a professional hacker makes money.

Why do companies hire professional hackers?

The reason companies hire professional hackers (generally) is for security testing. They hire hackers to try and hack into their company to get a better understanding of how effective their security controls are and what they need to change in order to be more secure. For example if a company is releasing a new web application they will hire people to hack into the web application and see what the weaknesses are before the application is released. This way when the application hits the market, it’s less likely that hackers will be able to find a weakness in the application that will cost the company money.

Secondly, private companies and governments also hire hackers to hack their competition. When it comes to private companies they have an interest in getting information on their competitors plans or in making the competitor’s services unavailable to customers so that they have no choice but to switch over to their services. This is 100% illegal and therefore not something that I would ever recommend but just as a fyi, it does happen.

Government agencies have an interest in hacking other companies as a form of espionage. Since much of a government’s information is kept in electronic form, being able to hack into a government agency or a third party provider of a government agency can provide useful information. Secondly, some government’s also use cybercrime as a means of generating revenue. The most famous example of this is North Korea that generates millions of dollars every year through a dedicated cybercrime division of their government.

Ways to make money as a Computer Hacker?

Employment: The most basic way to make money hacking computers is to work for a company as a penetration tester. This would be a full time employee where your primary job responsibility is to test the security of different areas of the company. This is probably the easiest method to make money and it’s a good place to start. You will get a chance to work with other people who are more experienced and learn the industry.

Freelance: This can be done part-time along with a job or full time. Many companies have what are called bug bounty programs, these are programs where companies give people permission to hack into certain areas of their network, application, website etc. In return for the hacker disclosing what they found the company gives out a cash reward. Several companies such as Facebook, Intel, Snapchat, Cisco, Dropbox and Apple have bug bounty programs. You can find a list of the 30 top bug bounty programs here. The great thing about this is that it’s open to everyone and scalable so you can work how much or how little you want. The downside is there is a lot of competition. It can be difficult when you’re just starting out to find bugs that are significant enough to warrant a reward before someone else does. This is going to be more for intermediate to experienced computer hackers. 

Contract: The difference between this and freelance is in a contract position you’re usually working for 1 client for a short period of time, say 6-12 months. Many times companies don’t want to hire penetration testers full time. Rather they only have a need for them to test once or twice a year or to test a new product that they will be releasing. In these situations they will want to hire someone for a short period of time to do the work and then let them go if there is no need for them. 

Developing Software: If you’re someone with a programming background this is a good option for you. In order to automate many of the tasks related to hacking computers people like to use pre-made scripts or software applications. Experienced hackers usually make their own custom scripts or tools to make their job easier and faster. One way to make money as a hacker is to create software for other people to use and sell it. The upside of this method is that you get residual income because once you make a tool and keep it up to date, you can resell it to multiple people without having to do any other work.

Starting a Business: Many hackers don’t continue to hack computers full time. Many of them take their expertise and open a security business that focuses on testing company’s security. This method has the potential to bring in the most profit but will require the most experience/expertise. In some cases people have even gone from getting criminal charges related to cybercrime to creating their own business. One example of this is Kevin Mitnick who was convicted back in 1995 and served five years in prison for different computer and communications-related crimes. Today he runs Mitnick Security Consulting LLC. He is also the Chief Hacking Officer and part owner of a company known as KnowBe4 and an advisory board member of Zimperium.

Final Thoughts

Being a full time computer hacker is 100% a viable career path and business to get into. It offers more flexibility than most other jobs by giving you a lot of ways to make money outside of a job. However, the downside to this specialty is that it can take a lot of practice to learn. With the exception of creating software, every other method requires you to find security bugs in order to get paid. If you don’t have a history of producing then it will be difficult for you to find work. If you’re looking for something that’s easy to coast and slack off then this probably isn’t an area to get into. I would suggest this for people that find this area interesting and are willing to put in time outside of work to get good.


What is an Indicator of Compromise
Best VPNs for online privacy
How to write technical blog posts
Does Cybersecurity pay well
What is a CVE number
How to start a Cybersecurity Blog
How to write Cybersecurity blog posts
Best wordpress security plugins in 2021
Top 10 interview tips for cybersecurity

More Topics

Sign up to read more!

Shimon Brathwaite

Shimon Brathwaite is a cybersecurity professional, consultant, and author at securitymadesimple. He is a graduate of Ryerson University in Toronto, Canada. He has worked in several financial institutions in security-related roles, as a consultant in incident response and is a published author with a book on cybersecurity law. You can contact me here

The root of all evil

80% of all human endeavour is committed to making money, with the remaining 20% spent finding interesting ways to spend it. These are figures that I’ve just made up, but I said it in the Bulletproof office, and everyone nodded, which either means it speaks a certain truth or, once again, everyone is doing their best to ignore me. With this in mind, it’s fair to say people tend not to put a lot of effort into something unless they know they’re going to be financially rewarded for it. This includes hacking.

Whilst there are undoubtedly those who just hack for fun, the majority of malicious hacking is done, unsurprisingly, for financial gain. There are a lot of ways someone with a certain set of cyber skills can make money. The above-board way is to become a penetration tester, which can lead to a long, lucrative and satisfying career. However there are those who embrace the dark side become a hacker – and there’s a lot of ways a hacker can monetise their misdeeds.

From simple, age-old tactics to clever new strategies, there’s a lot that keeps the hackers’ economy afloat. Remember, most hackers are going to give all of them a go at the same time, so you need to be alert.

  1. Shiva definition hinduism
  2. Fitzgerald subaru
  3. Galaxy z fold 2 wiki
  4. Walmart garden blocks
  5. Va weather radar

How much money do hackers make? What does their income depend on?

One of the most lucrative jobs in the world is hacking, and people with computer talent tend to get into the world of hacking, but the common question is, how much do hackers earn?

In order for people to be able to make a lot of money in the world of hacking, they have to have a lot of perseverance and a lot of effort in this area, so that they can eventually achieve a lot of fame and earn a lot of money every month, hackers must have expertise in all areas related to computer in order to be able to achieve their goal easily, the world of hacking is very attractive to all people, and people with curious personalities are more interested in this field, because this world is endless and can create a lot of excitement for these people, the is important thing for all people in choosing a job is its income, if a job has a good income, people will be attracted to it easily.

There are many types of hackers in general, white hat and black hat hackers are two of the most important types of hackers, both of which can make a lot of money, white hat hackers work legally on the other hand, black hat hackers do illegal tasks, there are many organizations today that need to use white hat hackers to increase the security of their system and find and report security holes in their system before black hat hackers , their income depends on various factors, which we are going to discuss in more detail below.

How much money do hackers make?

How much money do hackers make?

Hackers may operate and spend their knowledge in various fields, some hackers, like red hat hackers, operate in such a way that they leave no trace, so accurate statistics on the amount of income that these types of hackers earn are not available, and most of them only trade through digital currency, for this reason, their income cannot be tracked accurately.

Some other hackers make a lot of money by finding security holes in the new software that is offered, and give software designers the necessary reports about bugs in the software which they have designed, and make a lot of money through this activity, another group of hackers that we have mentioned earlier is white hat hackers who work for large companies and earn a lot of money.

In fact, the presence of this type of hacker has become one of the requirements of any large company, due to the fact that they find all the security holes in the system and prevent malicious hackers from infiltrating the system, hackers' income ranges are from about $25,000 to $112,000, depending on the tasks that are being done by them, they generally have the highest average income, therefore people are willing to work in the hacking sector.

To date, more than $100 million has been paid to hackers who have been able to find bugs in other software, in fact, if a person can find the security flaws of a system, he/she can find many jobs and work in this field.

What does hackers' income depend on?

In general, the income of hackers depends on several factors, some of which we will discuss below.

- Hacker belongs to which group of hackers:

You know the fact that there are many types of hackers , and it is possible for a hacker to operate in one of its different types, with different levels of revenue, for example, one hacker may be a red hat hacker and another may be a black hat hacker , and so on.

- Hacker expertise:

When a person is called a hacker, that person certainly has expertise in this area, but the level of expertise of hackers is different and sometimes one hacker cannot infiltrate one system, while another one may be able to infiltrate the system easily.

The more professional a hacker is in his field of work, the more money he/she can earn, so it is necessary for hackers to be up to date and learn all the new tips quickly in order to be ahead of their competitors.

- Hacker creativity:

Creativity is very valuable in the world of hacking and two hackers may have the same knowledge, but one of them is more creative than the other, as a result, a hacker who is more creative can make a lot of money quickly and then gain a lot of fame after a short while, in addition to the cases mentioned above, the amount of income of hackers depends on other factors that ultimately cause a hacker to make a lot of money.

What methods do hackers use in order to hack?

Hackers gain access to information in systems by finding security holes, and may eventually gain access to all information in the system, they may use social engineering methods, sending spam emails, malicious links, virus-infected software, etc., to hack a system and access the information of different systems and users through all these facilities.

Also, white hat and red hat hackers follow all the methods that other hackers do, in all the actions that they intend to do, they try to put themselves in the place of malicious hackers, so that they can think like them and finally block all the ways of infiltrating the system. Here are some of the methods that hackers use to infiltrate security systems.

Methods that hackers use to hack:

- Social engineering method:

In this method, hackers , with their great knowledge and ingenuity, try to make someone provide them with important information by trusting them, and finally, the hacker abuses this trust of the user in order to achieve his desires.

- Hack hosting:

Choosing a secure host is very important and can help you to finally increase the security of your site and block the way for hackers, our suggestion is to get a dedicated host and get help from experts in this field to configure it accurately.

- Infiltration through the presence of security holes in the physical security sector:

The physical security of a system and organization is very important and all the necessary points to increase security in this area must be done properly.

- Malicious software:

As we mentioned, hackers have a lot of knowledge in various fields of software, hardware, etc., and because of this knowledge, they can earn high incomes, so they can easily design malicious software, and offer this software to different users, so if users download and use it, hackers can easily infiltrate their system and receive their important information, such as credit card number and so on, as a result they can make a lot of money and may also receive personal information from people, and use them to log in to that user account and send many messages to different people, which may contain spam links, or it may contain a request of money from users, all of which ultimately leads to hackers reaching the highest average income.

In general, hackers can make a lot of money in different ways, and their income depends on different factors as we mentioned before, but the characters of hackers are different, and this is why a hacker chooses to be a white hat hacker , whereas the other one with the same amount of talent and knowledge, prefer to be a black hat hacker to abuse people's information in order to achieve their personal desires.

How much money do hackers make?

Last word:

In this article, we tried to explain to you the reason for the increasing number of hackers and how much income each hacker can earn by hacking different systems or helping the systems to find security bugs in them, as a user, you should do your best to increase the security of your system as much as possible so that hackers cannot infiltrate your system and get your information even if they receive a lot of money from other people, in order to give your important and personal information to others, so the most important thing as a user is to block hackers way in order not to access your system, but as a hacker, you need to try to infiltrate systems because of its high income, but pay attention to the fact that there are eleven types of hackers, and you can choose the good ones like white hat hackers which are so helpful for society, so you can choose a useful job which has a high income.

Website SEO analysis services

Share with your friends

Hacking Banks For Money

Some hackers make more than $80,000 a month — here's how

US Markets Loading...HMS

REUTERS/Dado Ruvic
It's a known fact that hacking makes money. But how much money? And how do hackers carry out their internal dealings with one another so as not to step on each other's toes?

Much like the fine-tuned systems of mafias and gangs that act almost identically to businesses, hackers have also created their own extremely intricate systems — and the scale of their operations is astounding.

Security researchers have been embedding themselves into these online underbellies to see precisely what's going on. This way they can get an early look at the malware hackers are cooking up, while also learning just how the system works.

The information security company Trustwave has been doing just this for years. It now has a lot to show for it, including discovering how much money a hacking gang makes and how precisely the cybercrime ecosystem works.

Trustwave's VP of Security Research Ziv Mador has put together a presentation he gives to customers so they can get a better handle on how to protect themselves. As he put it, it's just a "glance of what we find."

But Mador has given Business Insider an exclusive look at the wheeling and dealing of hackers inside this secretive world — check it out below.

Forums — the online places where cybercriminals sell their goods.


Forums are "The Craigslist of the underground forums," explained Mador. "You can see how they advertise malware they would like to sell to each other."

It's where hackers and hacking gangs hawk their goods including trojans, bots, and other malicious pieces of software. 

Mador explained that it's "very difficult to get in" to these forums. They require a lot of vetting and trust from other criminals. 

Exploit Kits


Exploit kits are the bread and butter for how cybercriminals successfully hack the masses.

They are a malicious toolkit of various ways to deliver malware. Or, as Mador puts it, an "invisible web application that uses a cocktail of exploits."

Exploit kits have become preferred by cybercriminals because of their heightened success rate. Before, an average of 10% of users were successfully hacked, but with new and better exploit kits being made the success rate has risen to as much as 40%. 

What's in an exploit kit?


Here is a rundown of all the ingredients inside the exploit kit cocktail. These are the various malware cybercriminals have paid for, which they then distributed further to unsuspecting victims.

The business model


RIG's business model operates much like retail does, with a warehouse and resellers. So a RIG manager sells the exploits both directly and to other resellers for a variety of prices.

The resellers then also sell to other hackers, likely for a higher price. In total, RIG brings in more than $90,000 a week from this one manager.

There are other business models


The most common business model is that of RIG, which sells its exploits to other gangs who then sell them down the line. But a new model is emerging that has gangs selling directly to customers.

But with this model, the gang (which in this case is called Magnitude) gives the customer their exploit kit for free. The catch is it has the customer share a certain percentage of their malware traffic. The share of traffic the buyer gives up depends on how much traffic they accrue.

And the gang, when they get the payment traffic, can infect the victim with whatever malware they would like to use.

So if a buyer wants to use an exploit kit, they inject it into a website, but anywhere from 5-20% of that traffic goes back to the original seller, who then can do whatever they want with that victim.

Mador explained that this business model "makes a lot of sense." Buyers don't have to put up any money to cooperate and the gangs rake in a lot of cash for any traffic caught.

At the same time, he adds that the rental system is still more prevalent.



The malware Magnitude infected victims with when it got exploit traffic was called ' ransomware.' It follows a simple concept: If a victim is successfully infected, his or her computer files get encrypted, meaning that he or she loses all access to this data.

Obviously, a victim would want to gain control of this data back, but it comes at a price. Magnitude would ask the victims to pay using bitcoin. How much depended on whichever ransomware was used.

But this form of cyberransom is extremely lucrative. Trustwave tracked the flow of bitcoin into one ransomware account, it came to $60,000 in one week alone.


Hackers money do make

Top 5 Ways To Make Money Hacking in 2021

There’s so much to learn it feels never ending — the more you learn the less you know. The great thing about hacking though is even if you are a beginner there’s money that can be made while you gain experience, I guess that's why you are here. To make money hacking...

Whether you want to take your hacking skills corporate or freelance, I want you to remember to always stay on the ethical side of the internet. You can’t treat this like a game, what you are about to do is ‘attack’ real-life companies. It’s about finding the weaknesses, not exploiting them. S how do hackers make money? Here are five ways you can make money hacking in 2021!

1. Bug Bounties

You probably know what a bug bounty is even if you don’t recognise the name. You know when big-shot hackers get a six-figure bonus for a job, well, that’s a bug bounty. Big tech companies (like Google) will invite a talented group of security researchers (hackers) to hack their software. These jobs are usually posted on bug bounty websites. If the hacker can identify a threat or a weakness in the software they usually get a cash reward and get ranked on a hacking leaderboard. Although a lot of hackers who hunt for bug bounties do manage to pocket some extra cash on the side, not every hacker should expect to get a huge payday. It’s still pretty cool considering a lot of these guys started hacking as a hobby. I’m not saying the bounties are simple either, so don’t think the money comes easy. 

For me, I began hacking with no prior knowledge or experience and after just three months I hacked my way onto the top 20 hacker profiles on intigriti. I made over €3,000 in this time, simply by finding logic vulnerabilities. My favourite bounty was actually one I found by accident. I put XSS attack vectors into input fields and was able to completely take over an account by stealing the session cookies. This accident made me €750. 

So what I’m saying is it’s still worth a shot regardless of your experience, I’m a perfect example of that. Now I don’t hunt so many bounties, I prefer to focus more on penetration testing which brings me to my next point. 

2. Penetration testing

A penetration tester is a hacker who gets hired by a client to test the required scope items. That’s a little vague but basically, when a company designs a new product or feature, penetration testing is required to ensure the product is safe from hackers or malware. The hacker follows a procedure based on what they are testing. A penetration tester can test many different things like APIs, product features, or a company's infrastructure. 

Penetration testing jobs are on the rise, which means there’s money and plenty of opportunities. If you go get a certificate like an OSCP, it’ll help you stand out from the crowd. I recommend it. Also, a great thing to do while you're training to become a penetration tester is to start publicly sharing any info or research you might be learning. Community work is a great look for employers and it also builds up your online reputation and network.

So penetration testing is another great way to make money with your hacking skills. The thing is, it requires more training than chasing bounties. You need to be at a proficiency where you can comfortably work at a company that specialises in penetration testing. Which isn’t easy since it’s a lot of self-learning. There’s no school that teaches hacking. You kind of have to just test and try different attack scenarios, and be able to show it. 

If you do land a job, well, good news, your salary can easily grow up to $100,000 (US). The average salary for a pentester is $86,241 with juniors generally starting out at $59,000, and quickly rising. Not bad money if you can get your foot in the door. 

3. Training others

Now that you know how hackers operate, you can help others by teaching them how to hack ethically or defend themselves against bad actors. You can help contribute to a safer internet by informing people about the dangers and training them on how to defend themselves all while making some extra doe. If you are really passionate about training, you could go full-time, there’s amble opportunity between emerging technologies and better tools. 

Besides teaching online, it’s always helpful for experienced hackers to share what why to know with the newbies. Youtube is a great place to start for example. You can upload videos where you talk about your experiences and share thoughts and techniques. You can grow an audience and create another revenue stream if you’re really dedicated. Remember, it only takes 1,000 hours of watch time and 1,000 subscribers, for you to start earning money. 

For the camera-shy, how about a blog? Write down all the new things you learned. There are sites like Medium which can earn you money for your writings, and offers a place to grow an audience. Whatever it is, YouTube, Medium, Twitter — the earlier you start building your audience the better. 

And look, down the line, once you’ve mastered some hacking skills, you might wanna create some courses, like me. There’s a bunch of platforms, Udemy is probably one of the most popular but see what works for you!

4. Helping people after a cyber attack

With covid-19 rising, we also saw a big increase in cybersecurity attacks on companies and consumers. With your newfound knowledge of these cyberattacks, you might be able to help the victims of these attacks recover and if you are providing them with tech support, you can certainly make some good coin with this method. You can possibly offer to remove any viruses that were installed or possibly try to recover data from a crashed system. 

I made sure to let every business near me know that I was a security engineer and that if they needed me, they could always reach out to me. About 2 days after I gave my number to a local car dealership they got hit with a crypto locker. These viruses are designed to encrypt all of the user's files and demand ransom for the key to decrypt them. Luckily I had an unlocker for this specific virus and I was able to decrypt all the files with no damage done. Needless to say, they were very grateful for this. 

You don’t have to go that big though, you can also start smaller and just help out a family member or friend in need. There’s always a relative who needs a repair, and you can let them know if there’s a crisis situation you’re there to help. It’ll prevent a lot of damage plus you’ll build up your experience and resume. 

Lastly, it never hurts to put out posters that contain descriptions of what you are capable of in locations that allow it. People in need might see this and contact you. I’d mention what your prices are as well to help them make a more informed choice. 

5. Doing research into hacking

If you are the kind of person that likes to take everything to the extreme and to be at the forefront of a field, there’s great potential in hacking. It might not seem like it because when you discover something completely new, there seems to be no immediate reward. For example, we can report defects to companies that we have found but if they are unresponsive and don’t really perceive the threat, there’s not much we can do. 

After the issue has been fixed however and on the condition that you leave out any details that might reveal your target, it's possible to start writing or producing videos about what you found and how you did it. There are a lot of hackers who are always interested to learn new things and you can get paid to start if a blog or youtube channel gets popular enough. You can keep growing these social media channels as you go along and make new discoveries.


Read my other article How To Become a Hacker in a Year!

How Do Hackers Make Money?

How do hackers make money from your stolen data?

Cybercriminals will go to great lengths to steal your data – but what do they actually do with your information once they get their hands on it?

In most cases, data theft is financially driven. After stealing your information, bad actors can use a variety of shady channels to monetize your data, including taking out loans and making purchases under your name, holding your data to ransom and selling your data on dark web marketplaces to the highest bidder.

In this article, we’ll show you exactly how hackers steal and monetize your data, and how much it sells for on the black market.

How hackers steal your data

There are many methods hackers can use to steal your data. The following is not an exhaustive list, but it does include some of the most common techniques:

1. Malware

There are many types of malware that can be used to steal your personal information, including keyloggers, info stealers, banking malware and more.

Most strains typically focus on login credentials, credit card information, browser autofill data and cryptocurrency wallets. Certain breeds, such as the infamous Vega Stealer, sniff out specific file types such as PDF, Word, Excel and text files and exfiltrate (transfer the data without authorization) them to a remote command and control server.

Malware typically spreads via malicious email attachments, malvertising, drive-by downloads and pirated software. You can keep your system safe from malware with a proven antivirus solution like Emsisoft Anti-Malware.

Download now: Emsisoft Anti-Malware free trial.

Antivirus software from the world’s leading ransomware experts. Get your free trial today. Try It Now

2. Phishing

Phishing is a form of low-tech social engineering in which cybercriminals attempt to extract sensitive information such as login credentials, credit card information and personally identifiable information (PII).

In a typical phishing scam, attackers pose as a reputable company such as Microsoft, Amazon or Netflix and claim there’s an issue with your account. The message encourages you to click on a link where you can supposedly resolve the issue by confirming your password or entering your credit card information. This data is sent directly to the hackers, who can then gain access to your real account and the information stored within.

Phishing attacks are typically delivered via email, but they can also be implemented through social media, text messages and phone calls.

3. Weak passwords

Hackers can also steal your data by cracking the passwords of your online accounts. There are a few ways this can be accomplished:

  • Password leaks: When major service providers are hacked, it often results in millions of passwords being leaked, which may be sold or dumped on the web for all to see. Because so many people use the same password for multiple services, attackers can simply use the leaked login credentials to try to gain access to the users’ other accounts. You can check if one of your accounts has been involved in a leak by entering your email address at Have I Been Pwned.
  • Brute force attacks: Hackers use purpose-made tools to input every possible combination of characters until the correct password is guessed. The shorter and weaker the password, the quicker it will be cracked by a brute force attack.
  • Keyloggers: Attackers use data-stealing malware such as keyloggers to track keyboard input data and steal your passwords.
  • Phishing: Hackers use social engineering to get you to willingly divulge your username and password. Phishing attacks can appear very convincing and may be sent from a legitimate account that has been compromised.
  • Post-exploitation tools: Some tools are made to harvest passwords and other valuable information stored on systems that have already been compromised. If your system has been compromised (e.g. by malware), an attacker can deploy post-exploitation tools like the infamous Mimikatz to view and steal login credentials that are stored deep within your system.

See this blog post for more advice on how to securely manage your passwords.

4. Unsecured connections

Attackers can also steal your data by preying on unsecured connections such as public Wi-Fi networks. Public Wi-Fi is often unsecured and unencrypted, leaving users vulnerable to a variety of attacks, including:

  • Man-in-the-middle attacks: Hackers intercept your data by positioning themselves in the middle of your connection to the public Wi-Fi. Attackers can access any information that passes between you and the websites you visit while connected to the Wi-Fi network, including your passwords and financial data.
  • Rogue hotspot: Attackers set up a Wi-Fi access point that resembles a legitimate hotspot, enabling them to eavesdrop on network traffic. Attacks may also be able to use the rogue hotspot to distribute malware or direct you to malicious websites.

How hackers monetize stolen data

Once a hacker has successfully stolen your data, the first step is to inventory it. They comb through your data for valuable information such as your login credentials, financial information, names, phone numbers, addresses and social security number, and organize it in a database. After the data has been collated, hackers have a variety of ways to monetize it.

Use the data themselves

In some cases, hackers may monetize your stolen data by using it themselves to make purchases or commit fraud. This is relatively rare as committing fraud is much more likely to attract the attention of authorities than anonymously selling large batches of data online. Nevertheless, it does happen.

Attackers can use your stolen data to:

  • Purchase items online
  • Extract money from your bank account
  • Apply for bank loans
  • Apply for credit cards
  • Make fraudulent health insurance claims
  • Pay off debt
  • Request money from your contacts using your email and social media accounts

Sell your login credentials

Usernames and passwords are often sold in bulk on the dark web. Buyers may use your login credentials to transfer money from your bank account, make online purchases and access various paid services.

Here’s how much your account credentials typically sell for, according to a Symantec report on the underground economy:

  • Gaming platform accounts: $0.50-$12
  • Video and music streaming accounts: $0.10-$2
  • Cloud service accounts: $5-$10
  • Online banking accounts: 0.5%-10% of the account’s value

Sell PII to buyers on the black market

Hackers commonly sell PII on underground marketplaces that are accessible on the dark web. Typically, PII will be sold in bulk batches. The more recently the data has been stolen, the more valuable it is.

Here’s how much your data is worth:

  • Name, social security number and date of birth: $0.10-$1.50
  • Medical notes and prescriptions: $15-$20
  • ID/passport scans or templates: $1-$35
  • Mobile phone online account: $15-$25
  • Full ID packages (name, address, phone, SSN, email, bank account): $30-$100.
  • It might not sound like a lot of money, but it’s important to remember that data is often sold in enormous batches. Attackers who are able to successfully breach a major company can sometimes walk away with the data of millions of users, which can collectively be sold for big bucks. In 2019, the hacker behind the Canva data breach put up for sale on the dark web the data of 932 million users, which he stole from 44 companies.

Sell your credit card information

Attackers will usually sell your credit card information in large bundles of hundreds or even thousands of stolen credit cards. This data is often purchased by “carders”, who try to avoid fraud detection by purchasing gift cards and using them to buy physical items, which may then be sold on the dark web as well as through legitimate channels such as eBay or Craigslist.

How much do hackers sell your credit card information for?

  • Single credit card: $0.50-$20
  • Single credit with full details: $1-$45

Hold your data to ransom

Some types of ransomware have data exfiltration functionality, which enables hackers to not only encrypt your data but also steal it via a range of channels, including FTP, HTTP, HTTPS, SSL/TLS and more.

Attackers can use your stolen data as extra leverage to encourage you to pay the ransom (the average is a whopping $84,000) and sell your PII on the black market for extra pocket money.

Sell valuable intellectual property

It’s not uncommon for hackers to launch attacks on large corporations and sell the stolen data to companies in developing nations. These are typically highly sophisticated, nation-sponsored attacks and can be incredibly lucrative for both the hackers and the country funding the attack. Chinese intellectual property theft is estimated to cost the U.S. economy $50 billion a year.

How data theft can impact victims

Being the victim of data theft can have significant repercussions. In the short-term, you’ll have to go through the time-consuming process of securing your compromised accounts, reversing fraudulent purchases and replacing stolen credit cards.

These are annoying but not life-changing effects. However, there can also be longer-lasting consequences.

For example, if your social security number is stolen and used for fraudulent activity, it could potentially impact your credit history and credit score. Undoing the damage can be very difficult, and may prevent you from making loan applications, purchasing a home or renting property. In addition, if your work-related accounts are used to deliver malware or phishing attacks, you may damage your professional reputation, cause business loss or have to face disciplinary action from superiors.


Data theft is usually financially driven. There are many ways for cybercriminals to get their hands on your personal data, including malware, phishing, password cracking and man-in-the-middle attacks. Once they have obtained your data, they may use it themselves to commit fraud, or they may sell it in bulk on the dark web.


Similar news:

Whether it’s phishing, Trojan Horses or a DDoS attack, cyber crime is getting more and more complex and efficient

All of which is obviously concerning, but have you ever wondered how hackers actually make their money?

According to stats from Varonis, more than two-thirds (68%) of business leaders feel their cybersecurity risks are increasing. (Accenture), while just 5% of companies’ folders are properly protected, on average.

Figures also show that data breaches exposed 4.1 billion records in the first half of 2019 and almost three-quarters (71%) of breaches were financially motivated with a quarter (25%) motivated by espionage.

To date, the 2013 attack on Yahoo remains the biggest security breach in history, as hackers got their hands on the names, email addresses, phone numbers, birth dates, security questions and answers, and encrypted passwords associated with at least half a billion Yahoo accounts, about 8 million of which are thought to be from the UK.

It’s thought the hack was funded by another country in a ‘state-sponsored’ attack, but it’s not known which country was behind it, and it eventually compromised the data of 3 billion people!

How cyber crime pays

Hackers use all sorts of tricks, such as Trojan Horses, viruses, spam attacks, crawl bots and all kinds of malware to get their hands on sensitive data – and they can make thousands of pounds worth of profit with relatively little initial outlay.

This infographic below from Kaspersky, developers of internet security and antivirus software, tallies up out the victim’s losses and the criminal’s gain…

Infographic showing how cyber crime pays

Back to the Yahoo attack

So now you know how hackers can make money out of any kind of security breach you can see how getting the details of half-a-billion Yahoo email users could turn a profit.

The big worry about the Yahoo hack though is the length of time it took the internet giant to  acknowledge the attack – a lot of damage can be done in two years!

Professor Alan Woodward of the University of Surrey said of the hack: “It is really worrying that a breach from 2014 can have gone undetected for so long. It is also surprising the public statement took so long to appear.

He added:  “I would have thought most companies had learned by now that early disclosure is better, even if you have to revise and update as you learn more.”

And to put the whole hack into some sort of perspective, it goes way beyond other recent data breaches like MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).

Have you been a victim of the Yahoo hack? Or any other hack? Let us know…


1118 1119 1120 1121 1122