As surprising as this may sound, earlier this year stolen twitter credentials were valued at almost $1,000. When compared to credit card details that fetch less than $1, why do twitter credentials command such large sums? The following article gives a quick glimpse into stolen credentials market, how they’re bought and sold in underground markets and just how criminals turn them into cash.

The fall of stolen credit cards

At the turn of the century, eCommerce and online services took a steep climb. Taking a ride to the bank in order to transfer funds from one account to another (during normal business hours) was replaced by a click of the mouse within the confines of your home, at the local coffee shop or from the airport on the way to catch a flight (at any time of the day). Application functionality soared allowing anyone to become their own travel agent thus avoiding the long summer lines.

As the availability and ease-of-use of the online functions rose, users became accustomed to the purchase of services with their credit card number. The amount of credit cards details passed as traffic, stored in online locations with the ability to access them from external sources, was too much of bait for criminals to pass on. The criminal activity on this front sky-rocketed, as shown by a research conducted on logs of IRC channels between participants of online black markets which took place over a 7-month period during 2006.


This research showed that from all (illegally) exchanged data marked as “sensitive”, the high majority of this data was attributed to credit card numbers. The asking price for a compromised credit card number ranged between $1 and $25 (depending on the size of credit line associated with it). Most of the other “sensitive” data was composed of identifying details such as addresses, names and expiration date which all aid in the processing a of credit card transaction. During that time period, also different user credentials (account names and passwords) were shown to have passed in the channels but these were relatively scarce.

Two years later, a Symantec report showed that stolen credit cards comprise 32% of all goods and services available for sale on underground economy servers. Due to massive data breaches, stolen credit cards became widely available and as a result the face value of individual credit card records decreased.

Credit card numbers were sold for as less as $0.06 per single card when sold in bulk. Bank account numbers (actually identifying debit cards) followed roughly behind stolen credit cards, fetching as low as $10 per account number. These numbers are easily explainable. Not only were stolen credit card numbers a main “commodity” but monetizing on credit cards is not as easy as it may sound.