Number of login credentials far outstrips payment card information.
The black market for personal data is said to be running at a record size, according to the information services firm Experian.
110 million pieces of data are thought to have been bought or sold through the black market this year, a 40% rise on the amount traded the year before and a threefold increase on that traded during 2012.
Peter Wood, chief executive of security consultancy First Base Technologies, said: "The massive increase in illegal trade of personal information on the Internet is a result of two key factors.
"On the one hand, whilst the average person wants to protect their data they don’t understand how to protect against attacks, and on the other, criminals are trading hacking skills and techniques in greater and greater numbers."
96.5% of data is said to be login credentials, with the remainder of the data comprised of credit card or passport information.
While login details are harmless on their own they can potentially open up the victim to identity fraud, profiling for further attacks, or lead to their contact lists being taken for later use by the hacker.
Peter Turner, managing director with Experian Consumer Services, UK and Ireland, said: "Given the number of online services that we all use each and every day, it is so important that we are all vigilant in protecting our information online.
"Remember fraudsters operate to make money, and so if your personal information has been compromised, one of the first places that you can spot potential fraud is by seeing unfamiliar credit applications being made in your name on your credit report."
A related survey commissioned by Experian showed a steady decrease in the number of British people leaving inactive social media, email or retail accounts open, although bad habits such as password reuse and failing to update credentials regularly were still an issue.