‘Buying bad’: the black market where access to hacked Australian data can cost just $500

Some sites that mediate the sale of hacked data use Reddit-style upvoting systems to weed out scammers and law enforcement

• Get our morning and afternoon news emails, free app or daily news podcast

When personal data is stolen in a breach, such as the recent high-profile attacks on Optus and Medibank, it often begins a journey through a shadowy criminal marketplace which follows surprisingly traditional models of supply and demand.

Passwords, personal information, copies of identity documents and contact details of victims may pass through a web of transactions, mediated in online forums or hidden on the dark web, and denominated in cryptocurrency, before ending up in the hands of those who plan to exploit them.

Sign up for our free morning and afternoon email newsletters from Guardian Australia for your daily news roundup