With data breaches affecting organizations almost every day, it’s very likely that your personal information has been compromised — and once it ends up on the Dark Web, you remain at risk indefinitely. The 2018 End-of-Year Data Breach Report shows that while the total number of data breaches dropped in 2018, the number of stolen records surged by over 126 percent. This not only marks a large increase in the amount of Personal Identifiable Information (PII) now accessible to cybercriminals, but also suggests that breaches are growing larger, with more data exposed in each incident.
Many of us are experiencing data breach fatigue — the idea that individuals and organizations have become immune to the effects of data breaches and are less motivated to do anything to protect themselves. But while we are mistakenly putting our guard down, hackers continue to use our personal information for their own financial gain.
Credential Stuffing Attacks
One of the main ways that hackers utilize information stolen through data breaches is by credential stuffing, a cyberattack where large numbers of hijacked usernames, email addresses, and related passwords are used to attempt account logins at targeted web applications through an automated process. This is especially dangerous for consumers who use the same username and password combinations for multiple accounts.
In January of 2019, Have I Been Pwned? shared Collection #1, a database of 773 million unique pairs of email addresses and passwords that had been discovered circulating on a criminal forum on the Dark Web. Later that month, Collections #2-5, containing another 2.2 billion credentials, were also discovered. In February of 2019, 617 million stolen credentials from 16 websites were listed for sale on the Dark Web. That’s a lot of personal information up for grabs!
I Changed My Passwords. Am I Safe Now?
The simple answer is “no.” When the stolen data is your personal identity — your name, social security number, or other persistent record tied to who you are — it never expires. And, as long as cybercriminals continue to breach companies who collect such information, it is constantly being packaged, resold, and used for different malicious activities. Even your children are at risk.
A hacker recently contacted The Register to inform them that they were responsible for the leaked 617 million credentials I mentioned above. The cybercriminal stated that their goal is to make money and make hacking easier for others — at the cost of making the lives of their victims difficult. These communications are a clear display that hackers only care about profiting by selling our data, with no regard for the consequences for those affected.
How Can I Protect Myself?
Every organization is vulnerable to hacks, and it is important not to become complacent when it comes to protecting your identity. No matter how long ago you may have been affected, you never know when your personal information or login credentials will be used against you.
Tips to Protect Your Identity on the Dark Web
- Don’t use the same password for multiple web sites. Use a password manager to generate unique credentials for every online account.
- Use two-factor authentication. Requiring an additional level of security can often thwart hackers from gaining access.
- Invest in identity theft protection. Make sure you and your family are protected now and into the future.