How did my personal information end up on the dark web?
Reviewed by Mike Marcacci, Sr. VP of Engineering at OmniWatch
What is the Dark Web?
The dark web is a part of the internet that can only be accessed using special internet browsers, such as The Onion Router (TOR). It is an anonymous network where users can communicate and access websites without fear of being tracked or identified. Sites accessible through these special browsers cannot be seen or accessed from normal internet browsers like Google or Microsoft Edge.
Many people use the dark web to buy and sell illegal goods, as well as engage in other criminal activities. However, it also has legitimate uses such as allowing whistleblowers to communicate securely with journalists or activists to share information without fear of government surveillance. For example, Facebook has a dark web version for people who live in countries with strict internet censorship practices.
In addition, some individuals may use the dark web for more mundane tasks like browsing online forums or playing video games. Regardless of its purpose, it remains largely unregulated and often serves as a hub for illegal activities.
Just accessing the dark web is risky. There is a lot of misinformation on how to safely access it, and you can easily become a victim of ransomware or other viruses.
How did my Personal Information end up on the Dark Web?
There are several ways your personal information can end up on the dark web. One way is through an online data breach, where hackers gain access to a company’s database and steal personal information like social security numbers, as well as other sensitive data. They then sell that data on the dark web.
Another way for information to be exposed is if someone with malicious intent deliberately posts it on the dark web for free for anyone to access. This is a more recent tactic of hacking groups who use stolen data as leverage over companies they hack. Instead of just deleting data if a company refuses to pay the ransom, they’ll threaten to release confidential customer or employee data.
Finally, in some cases, information can be exposed due to human error or negligence. For example, if an employee accidentally uploads a file containing sensitive information to a shared server that is not properly secured.
How People Buy Your Data on the Dark Web
The dark web has various forums and chat rooms where some hackers post stolen data for free, and some marketplaces specialize in selling stolen data.
There have been many huge dark web-based marketplaces. When one is eventually brought down, new ones pop up in its place. The most notorious ones that people have probably heard of are the Silk Road and AlphaBay.
Just recently, a dark web marketplace named Genesis that specialized in identity theft was taken down. At one point, Genesis had over 80 million stolen credentials for sale on its marketplace. In its place, a new market called Styx has now launched.
Potential ID thieves can buy large amounts of private data. According to the 2022 Dark Web Price Index, you could buy 10 million US email addresses for $120.
Enter your email address and get results in seconds
Hackers and thieves don’t wait and neither should you! See if your passwords have been exposed in a data breach.
How can I Protect Myself From Dark Web Data Breaches?
Unfortunately, there is no way to fully protect yourself from being the victim of a data breach. Even if you never signed up for any online accounts, your data would still exist in government databases, credit bureaus, banks, and more.
So what can you do to keep yourself safe?
The good news is that identity thieves are mostly looking for easy targets. Making yourself a harder target can discourage most hackers and keep you from becoming a victim of fraud. Here are five things you can do right now to start making yourself safer:
Strengthen Passwords
Multiple tools can help crack passwords, especially if they are short or use things like addresses, emails, or anything that may be associated with you. Ideally, you want to create a long password with numerous special characters that spell no particular word. Better yet, you can use a complicated and unique passphrase. Since these are hard to remember, using password managers like 1Password® can help you create secure and varied passwords or passphrases while still allowing you to log into accounts easily and quickly.
Secure your accounts using two-factor authentication
Two-factor authentication (2FA) simply means that there is another factor to logging in than just entering an email and password. Some apps may use a separate app, like Google Authenticator, that generates a secondary passcode that you need to have access to. While this is one of the most secure options, it can often be a little frustrating for users.
Another method of 2FA is creating your account using a social media account like Gmail®, Apple®, or Facebook®. You’ll often see this option when you create an account, and it will ask if you want to create a username and password or create an account with different social media sites. Because Gmail, Apple, and Facebook require 2FA already this secures your account and lets you still log in to accounts with one click.
One of the newer trends is to eliminate passwords and instead require users to enter a unique code from a text or email. This allows users to never have to worry about remembering a password and ensures 2FA every time. This is why OmniWatch uses this method to keep your account secure.
Use dark web monitoring to know when your data is breached.
Unfortunately, companies are not required to disclose data breaches until actual harm has been done. This means that until hackers use the data to commit a crime, companies do not have to disclose a breach to users.
According to the Identity Theft Resource Center, approximately 2/3 of data breach notifications do not include attack details or victim descriptions. This leaves out important details that would help consumers know what information was affected. Using dark web monitoring services, like what is included with OmniWatch, can help you know when your data is at risk so you can take action before harm is done.
Dark web monitoring tools continuously monitor the dark web for your information. If your personal information is found, you’ll receive an alert so you can act quickly to recover your identity.
Don’t use real answers to security questions.
If websites ask you to use security questions such as “Where were you born?” never use real answers for these questions. With social media and government records, hackers can figure out the answers to these questions. Instead, make up fake answers that you keep track of in a password manager.
Take immediate action when you are a victim of a data breach
If you do receive a breach notification you should attempt to resolve it as soon as possible. OmniWatch™ will provide you with steps for how to best protect yourself depending on what information was stolen.
Changing passwords or deleting unused accounts only takes a few minutes and can drastically improve your online security.
Remember, if you think you have been the victim of identity theft immediately call our customer support team at 877-892-8249, where our 24/7 US-based resolution specialists can guide you through the identity restoration process.
What Cybersecurity Professionals are Saying
Chester Wisniewski
Principal Research Scientist at Sophos
“Looking forward into 2023 has me very concerned with what developments we see with the malicious use of machine learning technologies”
Matt Kapko
Cybersecurity Reporter
"Threat actors don’t just follow the news — they react to it and identify new ways to target potential victims during moments of heightened sensitivity."
Chester Wisniewski
Principal Research Scientist at Sophos
"ChatGPT3 could easily be weaponized to help criminals write more convincing phishing and business email compromise scams."