There’s No Expiration Date for Your Data on the Dark Web

With data breaches impacting organizations on what seems like a daily basis, there’s a very good chance that your personal information has been compromised — and once it is leaked onto the Dark Web, you are vulnerable forever. According to the 2018 End-of-Year Data Breach Report, the total number of data breaches decreased in 2018, however, the number of stolen records climbed more than 126 percent. Not only is that a significant increase in the amount of Personal Identifiable Information (PII) that is now in the hands of cybercriminals, but it is also an indication that breaches have become larger, exposing more pieces of data per incident.

Many of us are experiencing data breach fatigue — the idea that individuals and organizations have become immune to the effects of data breaches and are less motivated to do anything to protect themselves. But while we are mistakenly putting our guard down, hackers continue to use our personal information for their own financial gain.

Credential Stuffing Attacks

One of the main ways that hackers utilize information stolen through data breaches is by credential stuffing, a cyberattack where large numbers of hijacked usernames, email addresses, and related passwords are used to attempt account logins at targeted web applications through an automated process. This is especially dangerous for consumers who use the same username and password combinations for multiple accounts.

In January of 2019, Have I Been Pwned? shared Collection #1, a database of 773 million unique pairs of email addresses and passwords that had been discovered circulating on a criminal forum on the Dark Web. Later that month, Collections #2-5, containing another 2.2 billion credentials, were also discovered. In February of 2019, 617 million stolen credentials from 16 websites were listed for sale on the Dark Web. That’s a lot of personal information up for grabs!

I Changed My Passwords. Am I Safe Now?

The simple answer is “no.” When the stolen data is your personal identity — your name, social security number, or other persistent record tied to who you are — it never expires. And, as long as cybercriminals continue to breach companies that collect such information, it is constantly being packaged, resold, and used for different malicious activities. Even your children are at risk.

A hacker recently confessed to The Register that they were responsible for the leaked 617 million credentials I mentioned above. The cybercriminal stated that their goal is to make money and make hacking easier for others — at the cost of making the lives of their victims difficult. These communications are a clear display that hackers only care about profiting by selling our data, with no regard for the consequences for those affected.

How Can I Protect Myself?

Every organization is vulnerable to hacks, and it is important not to become complacent when it comes to protecting your identity. No matter how long ago you may have been affected, you never know when your personal information or login credentials will be used against you.

Tips to Protect Your Identity on the Dark Web

1. Don’t use the same password for multiple websites. Use a password manager to generate unique credentials for every online account.
2. Use two-factor authentication. Requiring an additional level of security can often thwart hackers from gaining access.
3. Invest in identity theft protection. Make sure you and your family are protected now and into the future.
4. Keep up to date with the latest data breaches: https://www.sontiq.com/breach-news-summary/ and for more details, https://www.identityforce.com/blog/2021-data-breaches