A complete American identity package - Social Security number, date of birth, and home address - sells for roughly $35 on the dark web. That figure, drawn from a new joint study by NordVPN and threat exposure platform NordStellar, is not a reflection of how little your data matters. It is a reflection of how much of it is already out there. Researchers analyzed nearly 75,000 dark web marketplace listings between January 2025 and February 2026 and found that the sheer volume of stolen American data has pushed prices to the floor.
Volume Has Collapsed the Market for Stolen American Identities
Over 70 percent of all stolen payment card listings in the study originated from North America. The US alone accounted for 16,842 card listings in the sample period. Basic economics explains the rest: when supply outstrips demand by a wide margin, prices fall. A stolen US payment card goes for about $10. Passport scans sell for $35, and driver's license scans for $50. These are not one-off transactions between individuals - they take place on structured marketplaces that operate with the professionalism of legitimate e-commerce platforms, complete with customer support desks and replacement warranties for accounts that get suspended.
The industrialization of stolen data is arguably more alarming than any individual price point. What was once the domain of technically sophisticated criminal networks has become accessible to low-skill buyers who need no special knowledge to purchase and misuse credentials. The barrier to committing identity fraud has never been lower.
Not All Stolen Data Is Priced Equally
Streaming account credentials sit at the cheapest end of the market. A Netflix login costs roughly $4.55. But the modest price reflects limited downstream value - the main risk is unauthorized use and billing fraud, not deeper financial exposure.
Social media accounts command more because of what they connect to. A stolen Facebook login sells for around $38, but the real value to a buyer lies in the ecosystem attached to it: linked Instagram profiles, business advertising accounts, and payment methods stored within Meta's infrastructure. A single login can open multiple doors. TikTok accounts trade at about $60, partly because of the platform's advertising tools and the audience trust associated with established accounts.
Cryptocurrency exchange accounts sit at the top of the price scale for a straightforward reason: direct access to liquid assets. A compromised Coinbase account sells for $107.50; a Binance account goes for $160. Unlike stolen credit cards, which require sophisticated laundering before funds can be moved, a crypto account with an active balance can be drained almost immediately, with limited recourse for the victim. That immediacy is what the market is pricing.
What You Can Do to Reduce Your Exposure
The uncomfortable reality is that your data may already be listed for sale without your knowledge. Breaches frequently go undetected for months, and individuals are rarely notified promptly. Several practical steps can meaningfully reduce both the likelihood of exposure and the damage if it occurs.
- Monitor for your data on the dark web. Services like NordVPN's Dark Web Monitor and the free site Have I Been Pwned can alert you when your email address, phone number, or Social Security number appears in a known breach or marketplace listing.
- Use unique passwords for every account. Password reuse turns a single breach into a cascading failure across multiple services. A password manager removes the burden of memorizing distinct credentials. Passkeys, where supported, offer stronger protection still.
- Enable two-factor authentication everywhere it is available. Two-factor authentication (2FA) prevents account access even when a password has been stolen. It remains one of the most reliable individual-level defenses against credential-based attacks.
- Review your bank statements for small, unexplained charges. Criminals commonly test stolen cards with minor purchases before making larger ones. Catching a $1 or $2 anomaly early can prevent significantly greater financial loss.
The Bigger Picture: Data Theft Has Become Infrastructure
What the NordStellar findings describe is not a black market operating in the shadows - it is a parallel economy with its own pricing norms, quality controls, and service standards. The transition from chaotic criminal forums to professionalized dark web marketplaces has been underway for years, accelerated by the growing availability of automation tools that make large-scale data harvesting faster and cheaper to execute.
For individuals, the implication is clear: the question is no longer whether your data will be exposed, but when, and how well-protected the accounts attached to it are when it happens. The $35 price tag on your identity is not reassuring - it is a signal that your data is already abundant enough to be treated as a commodity. Treating your passwords and personal credentials accordingly is no longer optional caution. It is basic digital hygiene.