This may be true, but it is something to think about. When we talk of IT Security we need to think not just of the what, but the why.
In this 2013 post, security author, blogger and researcher Brian Krebs presents an analysis of the value of a hacked email account https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
It may be five years old, but most if not all of what’s discussed is relevant today. The digital world today is an integral part of people’s personal and business lives in ways that were still in the early adoption stages in 2013 – online banking, SaaS applications, remote workforces and many, many more.
The Dark Web
Personally identifiable information (PII) can be like an episode of CSI … the cybercriminal patiently gathers all the clues, from all of the sources, and then strikes. What may seem trivial by itself can be the key piece needed to complete the picture when combined with other sources. That’s why there’s a thriving trade in PII on the Dark Web.
Experian recently republished its 2017 analysis of how much this type of data sells for https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/
Cyber criminal Kyle Milliken was recently reported as sentenced to 17 months at a federal work camp https://www.washingtontimes.com/news/2018/apr/19/kyle-milliken-identified-as-hacker-behind-imgur-di/, a lighter than might be expected sentence because he agreed to cooperate with the authorities. Because he cooperated, some details of the case remain sealed.
What is known is that between 2010 and 2014, Milliken and his associates ran operations that affected as many as 163 million users and netting the crooks around $1.4 million. A key item to note is that Milliken and his associates used automated tools – exactly the sort of tools which can be used to exploit and connect apparently unrelated pieces of information. That sounds like a lot of effort, but the return on investment from a criminal’s point of view is increasingly worth it – especially as cybercrime is nowhere near as risky an option for the aspiring criminal as drug trafficking or violent crimes (some sources report cybercrime as being more profitable than the drug trade).