If you have ever wondered what your personal data is worth to a hacker, the answer is not much. A new study from NordVPN and threat exposure platform NordStellar found that a complete American identity package, which includes your Social Security number, date of birth, and address, sells for about $35 on the dark web. That is less than a full tank of gas.
The researchers analyzed almost 75,000 dark web marketplace listings between January 2025 and February 2026. Over 70% of all stolen payment card listings came from North America, with 16,842 US card listings alone. The sheer volume of American data available has driven prices down, making US identities among the cheapest you can buy.
Your accounts are cheaper than you think
A stolen US payment card goes for about $10, while scans of passports and driver's licenses sell for $35 and $50, respectively. Streaming accounts are even cheaper. A Netflix login costs $4.55, and vendors operate like legitimate businesses, offering replacement accounts if one gets suspended.
Social media accounts are worth more because of what they unlock. A Facebook account sells for around $38, and a single login can give a criminal access to connected Instagram accounts, business pages, and ad tools. TikTok accounts go for $60.
The most expensive items are crypto exchange accounts. A stolen Coinbase login sells for $107.50, and Binance accounts go for $160. Unlike stolen credit cards, which require complex laundering, a compromised crypto wallet could give someone direct access to funds.
If you're wondering what the total price of your accounts and documents would be for a criminal, you can check the calculator NordVPN built.
How to reduce your risk from data breaches
The uncomfortable truth is that your data could already be listed for sale, and you would have no way of knowing unless you check. Here are a few things you can do to reduce your risk.
Use a dark web monitoring tool
Use a dark web monitoring tool to get alerted when your data shows for sale. NordVPN's Dark Web Monitor provides alerts about your email address, SSN, and phone number as part of its basic service, or the free site Have I Been Pwned can let you know if your email shows up in a breach.
Use unique strong passwords and a password manager
Sharing passwords across accounts can make a data breach of one account far worse. So, it is critical to use unique strong passwords for every account. A password manager makes this manageable, we use and recommend 1Password and Dashlane. If one account gets compromised, the damage stays contained. Better yet, use passkeys.
Turn on two-factor authentication for your accounts
Two-factor authentication (2FA) is the single most effective way to keep someone out of your accounts, even if they have your password. We recommend enabling 2FA for every account that allows it. Learn more about 2FA and why it's the best way to secure your accounts.
Watch your bank statements for unexpected small transactions
Watch your bank statements for small, unexpected charges. Criminals will often test a stolen card with a small purchase before going bigger.
I think the most unsettling thing about the data from NordStellar is not the prices themselves, but how routine the whole operation has become. These marketplaces run like legitimate businesses, with customer support and replacement warranties for suspended accounts. It is a good reminder to treat your passwords and personal data with a lot more care than most of us probably do.
Read More: How to Tell if Your Phone Has Been Hacked
[Image credits: Suzanne Kantra/Techlicious via ChatGPT]
