Your Stolen Data: What Cybercriminals Actually Do with It

Did you know that a big data breach happens somewhere in the world just about every day? You might hear about it on the news, you might have even received a letter or email from a company saying, “Oops, we might’ve lost some of your info.” But have you ever wondered what those cyber bad guys actually do with your stolen data? Turns out, they can pull off some surprisingly shady stuff.

Stolen personal Data

1. Selling Your Info on the Dark Web

Think of the dark web as a super-secret online marketplace. Cybercriminals take your stolen data –  credit card numbers, social security info, even your driver’s license – and sell it all off to the highest bidder. 

It’s pretty scary how much money they make from our personal info. For example, medical records go for around $60 a pop, stolen Social Security Numbers (if you’re in the US) go for about $4 a piece, and credit card numbers go for anywhere from $10-20 each. And when you consider that they can acquire these by the millions, that turns into a lot of money.

2. Identity Theft: It’s Not Just in the Movies

Someone else pretending to be you? Sounds like a movie plot, but this is the real deal with identity theft. Cybercriminals use that stolen info to open credit cards, file taxes in your name, or even get medical treatment.

If you think that couldn’t happen, think again! It can cause major headaches down the road, and it’s hard to undo the damage. Prevention, as they say, is worth a pound of cure.

3. Holding Your Accounts Hostage

This one, called ransomware, is a growing problem even big companies worry about. Cybercriminals hack into a system – even your own computer – and freeze you out. They demand a huge payment to unlock everything, sometimes thousands of dollars. Sometimes they say they’ll even leak sensitive info if you don’t pay up. It’s straight-up digital extortion, no two ways about it.

4. Scamming You and Your Loved Ones

Remember that email or text from your “bank” asking you to update your info? Or that text from a “friend” stranded somewhere and needing cash wired immediately?  

Cybercriminals use those tricks (called phishing) all the time. They rely on fear and panic to prevent you from thinking clearly. The goal there, of course, is to get you to send them money without thinking twice.

5. Launching Targeted Attacks

Your stolen data doesn’t just end up on the ethernet or dark web; it can become raw material for future attacks. With something simple, like your email, attackers can send out a malicious email with the hope that you’ll fall for it (a technique known as “spray and pray”). 

With more of your info, however, cybercriminals can craft convincing phishing campaigns tailored to you, more accurately guess your passwords for other accounts, or impersonate you in order to trick your friends and family.

6. Credential Stuffing

Hackers know a lot of people reuse passwords across multiple sites. Sometimes, those massive data breaches leak millions of usernames and passwords.

Criminals take these and use automated tools to try them out on banking websites, social media accounts, retirement accounts … you name it! They’re betting that you reused your password somewhere vulnerable. 

7. Blackmail and Extortion

Blackmail and extortion have been around for centuries, and they are still going strong today. Criminals who get their hands on especially sensitive information (compromising photos, private messages, etc.) can threaten to  leak this info to the public (or your contacts) unless you pay a hefty fee. Although be cautious, because sometimes they can threaten this even if they don’t have sensitive information.

8. Spam Campaigns

Your stolen email address might get funneled into spam operations. Scammers and shady marketers buy lists of email addresses, sending out waves of unwanted junk mail designed to trick people into clicking links or opening attachments that contain malware.

9. Selling Medical Records

While credit card numbers get a lot of attention, your medical records are incredibly valuable on the dark web. Bad actors use these for insurance fraud, getting prescription drugs, and even building a profile that can facilitate more identity theft schemes.

What to Do: It’s Not Hopeless!

Worried? Understandable! But knowing how these criminals operate puts you in a stronger position to take control of your information. Here’s what you can do to fight back and help prevent some of these problems:

  • Change those passwords!  If it were possible to go back in time to change your passwords yesterday, we’d tell you to. However, since you can’t, take the opportunity right now to do that, especially if you use a favorite password on multiple sites (and who hasn’t?). Each login needs something unique and strong. Password managers help with this!
  • Double-check your accounts.  Banks, social media, even your email can look for weird activity. Sign up for alerts on accounts that have that option. This will keep you in the loop, should there be anything fishy going on.
  • Freeze your credit (if it feels serious). This makes it harder for anyone to open new accounts in your name. It’s a pain to unfreeze, but worth it if you suspect you’re at a high likelihood for identity theft.
  • Don’t just click stuff in panicky emails. Scammers love fear. If something claims your account has been hacked, go directly to the website to check (don’t use links in the message!).

Staying safe online requires more than just being careful. Here’s a quick look at some essential tools and services that can boost your digital security:

Security Tool/ServiceExampleWhat it Does
Password managerBitwardenHelps create and store strong, complex passwords
2-Factor Authentication (2FA)Text message notifications for bank account loginsAdds an extra layer of security to logins
Antivirus/Security SoftwareMalwarebytesBlocks malware and scans for suspicious activity
Credit Monitoring ServicesExperianSends alerts when changes are made to your credit report


Nobody likes to imagine their info out there in the wild, accessible to whoever is willing to pay for it, but it’s the smart thing to think about. All the software and gadgets in the world can never fully replace common sense and personal responsibility. 

And if you’re extra cautious and keep an eye out, you can minimize the chances those cybercriminals actually get away with one of their shady schemes.

Thomas Ward

Thomas Ward

Thomas Ward brings over a decade of cloud, infrastructure, and reliability engineering experience to the forefront of Spyrus’s mission. His time at leading tech innovators like Microsoft, Oracle, and MongoDB has shaped his deep understanding of how attackers exploit weaknesses in cloud systems and how to proactively defend them. Thomas witnessed the rapid shift to cloud environments alongside an explosion of cyber threats. He founded Spyrus out of a conviction to help businesses navigate this complex landscape. He leverages his expertise to build tailored, proactive cybersecurity solutions that protect clients’ sensitive assets and ensure their systems stay up and running – no matter what.