What happens to your hacked personal data? We surf the dark web with a cybersecurity pro

Loyiso Boyce, CEO of cybersecurity firm Clyrofor SA, conducted a live demonstration exposing how hacked personal data is traded on the dark web. Using a complex, frequently inaccessible website, Boyce showcased a marketplace where stolen credit card details, identity documents, and other sensitive information are sold. Prices vary based on card value, service quality, and region, with South African bank data appearing among the listings. The dark web marketplace functions similarly to legitimate e-commerce sites, allowing bulk purchases of compromised data. For example, a batch of 10 credit cards with balances ranging from $1,000 to $5,000 was sold out, while individual cards were available for as little as $350 in cryptocurrency. Boyce emphasized that cybercriminals often target personal data to create fake identities, enabling fraudulent applications for credit, debit, or gift cards. Recent high-profile breaches in South Africa, including attacks on Pick n Pay and Standard Bank, underscore the growing threat of data theft. Boyce noted that such incidents expose individuals and corporations to extortion risks, as hackers exploit stolen information for financial gain. The demonstration highlighted the need for stronger cybersecurity measures to protect sensitive data from falling into the wrong hands. Clyrofor SA’s investigation revealed the dark web’s role in monetizing stolen data, with South African institutions among the most affected. The complexity of accessing these sites—requiring specialized knowledge and preparation—does not deter determined cybercriminals. Boyce’s findings serve as a warning about the real-world consequences of data breaches, where personal information becomes a commodity for fraudsters.