Imagine what would happen to you if your personal data was found on the dark web. It is a common nightmare for most of us who are not careful enough when using online banking or social networking sites. In this article, we will explore what the dark web truly is and how personal data reaches it, along with steps to protect your personal data on the dark web.
What is the Dark Web?
The dark web is a hub of hidden websites and other services that require specialized browsers to access. Most of the stuff found on the dark web is encrypted or otherwise protected. To access dark web materials, you must have a Tor browser or software that ensures anonymity by hiding your IP address and location.
Remember that we are not talking about the Deep Web. The deep web is 90% of the internet that has emails, academic websites, research journals, media archives, private databases, and other sites that search engines don’t index. It includes the dark web and accounts for 90% of all web material.
Who Used the Dark Web?
The dark web is commonly used by individuals who want anonymity online. It was made for political activists and protesters to communicate while living under brutal governments. Moreover, journalists and whistleblowers usually use it to provide sensitive information without risking their privacy. Some individuals still use the darknet for this purpose.
Nowadays, this private network is more commonly used by cybercriminals and other individuals who engage in illegal activities. Those people want to hide their identities, and the dark web is a perfect web that fulfills their needs to secure their information.
What Things You Find on The Dark Web?
When people use the darknet to commit illegal activities, they may be buying or selling various kinds of goods or services. Some of the most common illicit goods and services available on the darknet are:
- Stolen credit cards, Fullz, or other banking details
- Prescription drugs and illegal drugs like cocaine, marijuana, heroin, etc
- Counterfeit money, including euros and dollars
- Hacked account credentials, from software licenses to social media
- All types of weapons like guns, mines, grenades, and larger assault weapons
- Stolen government-issued certificate, including social security number, driver’s license, passport information and tax account number
- Medical records
- Malware
- Fake IDs
How Does Personal Data Get Leaked to the Dark Web?
When we talk about valuable things, we tend to remember jewelry, cars, gadgets, and other expensive items. But what many people don’t know is that personal data is highly valuable. As we have become highly dependent on technology, our money and personal data are more often than not stored in the digital space. We now make payments and transactions online, secure our passwords on our phones, and provide other types of personal data to companies when required (such as driving license, social security number, and contact information).
As time has passed, the internet has become the home of incredibly vast amounts of data. Masses of information reside even in offline spaces, such as on USBs, personal computers, and so on. In short, computerized data is an essential part of our society, and it is the power it holds that attracts cybercriminals.
Let’s suppose you use your credit card information for an e-commerce site and decide to save it for later shopping. Due to some poor cybersecurity measures site and internal security systems get hands in nifty hackers. The hackers manage to access the website’s database of user payment information, which includes your credit card information. The hacker can now use your credit card information to buy goods and services with your money. Moreover, the cybercriminal could take the details they have stolen and sell them on a dark web data marketplace.
On the dark web, there are various data sale marketplaces wherein hackers can gain profit by selling the data they have gathered to another bad actor. If a dark web user is interested in buying credit card information, they can do so, which allows them to use your money without your knowledge or permission.
How to Protect Your Personal Data On Dark Web
To secure your data from going on the dark web, follow these simple guidelines:
1. Use Unique and Strong Password
You can use a password manager to generate strong and unique passwords for all social media accounts. Generic passwords, like date of birth or name of your family members or pets, are easy to crack. Don’t create the same passwords for all your accounts. Make sure your passwords are at least 16 digits long and contain a variety of letters, numbers, and symbols.
2. Set Up Multi-factor Authentication
Setting up multi-factor authentication on your accounts means that if cybercriminals can access your account credentials, they would not be able to access your account with just the passwords. It is because multi-factor authentication requires a password along with something only you have access to, like a backup code, tapping the same number on your device, or a code sent to your phone or email.
3. Stay Careful When Using Public WiFi
Don’t log in to your sensitive accounts while you are using public WiFi. According to a Kaspersky Security study, around one-fourth of the world’s public WiFi hotspots don’t have any encryption.
This is why public WiFi users are on the radar of hackers who want to steal their credentials. Let’s assume hackers can access the login details of one of your digital accounts. They can then use brute force to crack the passwords of your other accounts or access your bank details to steal your money.
Moreover, always use a VPN to hide your identity and advanced antivirus software with a firewall while accessing your online accounts on public WiFi so your data can be encrypted while logging in.
4. Take Cautions While Browsing Online
Make sure you change the default privacy settings on your devices. Plus, always clear or turn off your browser’s cookies. Additionally, you should also share limited information on your social accounts. For example, don’t use your full real name on your social media accounts. And don’t ignore reading the terms and conditions before using any application or service.
What to Do If You Found Your Personal Data On The Dark Web
If you experience a dark web data breach, follow these six steps to secure your personal information:
1. Identifying potential tools used by hackers
Always use up-to-date antivirus software and perform security scans on all your devices. If you find viruses, Trojans, keyloggers, or another type of malware, take precautions to isolate the device by turning on airplane mode or manually turning off Bluetooth or other networking. Once you have turned off the malware that is harming other devices, you can try to remove it.
2. Update Your Passwords
Review your credentials for every bank account, including your email, passwords, and two-factor authentication you use, to see if anything has changed without your knowledge. Follow the best password practices to secure your accounts:
- Use different passwords for all your digital accounts.
- Your password must have upper and lower case letters, numbers, and special characters.
- Don’t use names, dates of birth, or other personal information that cybercriminals can guess based on publicly available details.
3. Track Your Credit Card Activity
Deeply monitor your credit card activity. Are there any transactions done without your knowledge? If you find any such activity, contact the credit bureaus and ask (TransUnion, Experian, or Equifax) to have any credit activity in your name and then block it. This step is crucial to restrict anyone from opening new accounts or taking loans in your name.
4. Enable Multi-factor Authentication
Always enable multi-factor authentication for your financial accounts and other precious accounts that have your personal data. As you know, multi-factor authentication requires you first to enter your password and then provide secondary information on a separate device connected to the account. You can get this authentication via text message to your mobile number or an authentication code authorized by a third-party app such as Google Authenticator.
Multi-factor authentication ensures that if someone finds your account credentials on the dark web, they won’t be able to access your accounts.
5. Be Extra Careful With Email And Social Media
The rising cybercrime is phishing, which is an attempt to trick you into providing sensitive data through email by misrepresenting who the email is from. You can get an email from a friend or colleague asking for personal information or help, but it’s actually from a hacker trying to steal your data.
In some situations, hackers may already have some of your information but still require your address or phone number to access your accounts. Most cyberattacks are based on multiple scams, including phishing and other forms of fraud, to uncover the details they need.
Don’t respond to those emails or open links sent by email addresses you don’t know. However, it is also good not to share too many personal details online.
Be especially cautious with social media apps. Many applications are hubs for scamming activity, such as WhatsApp scams, when cybercriminals pretend to be a friend or family member calling from a new, unknown phone number and claim to have an emergency.
The Cost of Your Vulnerable Hacked Accounts
According to Privacy Affairs’ Dark Web Price Index 2021, cybercriminals can profit greatly from hacked personal information. Everything, from financial accounts to social media account credentials, is up for sale on the dark web.
1. Financial Accounts
You can get credit card information with an account balance of up to $1,000, which costs $150. Credit card data with account balances up to $5,000 just cost $240.The cost of stolen bank account details with a minimum balance of S2,000 is $120. Moreover, stolen PayPal account credentials with a minimum balance of $1,000 also cost $120.
Transferring money from a hacked PayPal account with a balance of $1,000–$3,000 costs a cybercriminal $340, whereas transferring money from a stolen PayPal account with a balance of $3,000 costs only $180. Obtaining login information from 50 hacked PayPal accounts costs $200.
Western Union transfers from stolen accounts over $1,000 cost only $45. A confirmed Stripe account with a payment gateway costs $1,000.Crypto accounts are the most vulnerable on the dark web. A Kraken hacked and verified account costs $810, a Coinbase hacked and verified account costs $610, and a Cex.io hacked and verified account costs $410.
2. Social Media Accounts
Social media and email accounts range from $35 to $80.A hacked Gmail account costs $80, while you can pay up to $35 for a hacked Twitter account. A thousand followers likes, or shares on your social network pages cost between $1 and $25. For example, hackers charge as little as $5 for 1,000 Instagram followers, but the same quantity costs $2 on Spotify.
An email database containing up to 4.78 million emails can cost as little as $10. A private USA dentist database with 122k emails costs $50. The USA Voter Database from several states costs $100.
3. Scans of Documents and Physical Copies
Passports are among the most expensive items listed on the black market index. The most costly physical Malta passport can fetch $6,500, while the cheapest Lithuanian passport costs $1,500. For a physical fake national ID, hackers charge as little as $50 for a New Jersey ID, but in some cases, hackers charge up to $500 for a Latvian ID.
Prices for duplicate copies of driver’s licenses from various states range from $20-$100. A U.S. driver’s license goes for $100, while an Australian driver’s license only requires $20.Hackers charged $8 for a hacked Uber account and $14 for a hacked Uber driver’s account. You can get a valid US security number for just $2. In comparison, a fake US Green Card sells for $150.
Final Thoughts
Nowadays, all activities are performed online, from chatting with friends to shopping with your favorite brand; even groceries are ordered online. Most people prefer online transactions rather than providing cash. But be extra careful with your bank account details or social media accounts because they are on cybercriminal’s radar. If you are not careful enough, your personal data is easy to hack and sell.