The dark web cost of your stolen identity is, by most accounts, less than a decent lunch. NordVPN, working with its threat exposure management platform NordStellar, has analysed nearly 75,000 dark web marketplace listings and found that a stolen payment card sells for around $10 (approximately R185), a Netflix account for under $5 (approximately R92), and a complete identity package (name, documents, financial details) for as little as $35 (roughly R648). They’ve also built an interactive calculator so you can see what your specific combination of accounts and documents would be worth to a criminal. The number will almost certainly disturb you. That’s the idea.
NordVPN’s CTO, Marijus Briedis, puts it plainly: most people would be shocked at how little it costs a criminal to buy their entire digital identity. That statement is factually accurate. It’s also the most effective sentence in the company’s marketing arsenal, because shock is precisely the emotional state that drives subscription consideration. This is not a cynical observation about the research itself, which is legitimate and the data useful. It’s an observation about the architecture of the campaign. The research, the press release, the calculator, and the subscription prompt form a single engineered sequence. Understanding that sequence doesn’t make the underlying threat any less real.
The dark web credential market operates on basic supply-and-demand logic. Stolen card data is the most commonly traded category, precisely because the volume of North American breaches has flooded supply and depressed prices. Full identity packages, known in the market as “fullz”, can sell for anywhere between $20 and $200 (approximately R370 – R3700) depending on credit score and country of origin. High-value access, like verified crypto exchange accounts or corporate VPN credentials, commands a significant premium. The price of your Netflix login being under $5 reflects an oversaturated market in streaming credentials, not an absence of risk.
What NordVPN’s research communicates clearly, and its marketing communicates less clearly, is which threats actually put your data there. The Verizon 2025 Data Breach Investigations Report confirmed that stolen credentials were a factor in 22% of all analysed breaches, and IBM’s X-Force 2025 report highlighted an 84% weekly increase in infostealer malware delivered via phishing. Phishing, not inadequate VPN coverage, is the dominant on-ramp. A VPN addresses one specific attack surface: interception of your traffic on an unsecured or compromised network connection. It does nothing for credential theft via a phishing link you clicked in a convincing email, or a third-party service that got breached and sold your hashed password. The calculator tells you what your data is worth at the destination. It doesn’t address the journey.
This matters because cybersecurity fear marketing tends to leave users feeling helpless rather than empowered, convincing them that the field is beyond their understanding and that the solution is simply to adopt the latest product. The irony of NordVPN’s calculator is that it’s one of the better attempts at personalising the threat, which researchers argue is more effective than abstract statistics. But personalised alarm without specific, actionable guidance is still alarm. The calculator tells you your identity’s market value. It doesn’t tell you that enabling multi-factor authentication across your accounts, using a password manager, and checking Have I Been Pwned addresses more attack vectors than a VPN subscription does. NordVPN sells a password manager called NordPass. That recommendation is conspicuously absent from the press release.
The South African context adds a layer that NordVPN’s global release doesn’t acknowledge. Digital banking fraud in South Africa has surged by 45%, with the country ranking among the worst-hit globally for cybercrime density and estimated annual losses reaching R2.2 billion. South Africa has had 124.2 million personal records exposed since 2004, and ranked 27th globally among the most breached countries as recently as 2025. The threat is not hypothetical here. But South African credentials are also, structurally, less commercially attractive to dark web buyers than North American ones, because purchasing power determines return on criminal investment, not geographic risk alone. You’re not necessarily safer because your data is cheaper to buy. You’re potentially more exposed because the enforcement and response infrastructure is thinner. Only 29% of South African organisations plan significant cybersecurity budget increases, and human error remains the dominant factor in local breaches, linked to up to 95% of incidents.
None of this is an argument against NordVPN’s research, or against using a VPN. It’s an argument for reading the calculator result alongside a clearer understanding of what actually leads to it. The data showing your digital identity sells for less than a restaurant meal is real, it’s documented, and the NordVPN dark web calculator is a technically sound way to make abstract risk feel immediate. Where the campaign is thinner is in the space between awareness and action. Knowing the price is step one. Understanding the attack path is step two. Both matter. Only one of them sells subscriptions.
For South Africans navigating a local threat landscape that combines high breach exposure with limited institutional response, the more useful frame isn’t “how much is my data worth?” It’s “how does it get there?” That question has answers NordVPN’s research platform is well-placed to address. It would make for a less shareable calculator but a more protective one. You can read more about how AI is reshaping the local cybersecurity threat environment here on Reframed.