Email addresses and more sensitive information belonging to 4,239 British, European, French, Italian and Spanish politicians and US civil servants have been leaked to dark web markets, where data is bought and sold illegally. "But how is that possible?" you may wonder. "The answer is simpler and possibly more worrying than you think," explains Phil Muncaster from the team at global security software company ESET. "Many have signed up for online accounts using their official email address and entered Personally Identifiable Information (PII). The service companies' systems were then breached by cybercriminals, who shared or sold the data to other threat actors on the dark web."
Unfortunately, this isn't something that's limited to politicians or public figures, and it's not the only way someone's data can end up in the shadowy part of the internet. It could happen to anyone – possibly even when they do everything right. And often, it does. That's why it pays to pay more attention to your digital footprint and the data that matters most to you.
The dark web is thriving
Contrary to popular belief, the dark web is not illegal and is not only full of cybercriminals, explains ESET's Muncaster. It simply consists of parts of the web that are not indexed by traditional search engines: a place where users can roam anonymously using the Tor browser.
However, it is also true that today's cybercrime economy is based on the dark web, with many dedicated forums and marketplaces that cybercriminals visit en masse while hiding from law enforcement (although in recent years some of the malicious activity has increasingly spread to well-known social networking platforms).
As a catalyst for a criminal economy worth trillions of dollars, dark web sites allow threat actors to buy and sell stolen data, hacking tools, DIY guides, service offerings and more with impunity. Despite periodic crackdowns by law enforcement, these sites continue to adapt, with new platforms emerging to fill the gaps.
When researchers from Proton and Constella Intelligence looked, they found that two-fifths (40%) of British, European and French MPs' email addresses were exposed on the dark web. That means almost 1,000 out of 2,280 possible emails. Even worse, 700 of those emails had passwords associated with them, stored in plain text and exposed on dark web sites. Combined with other exposed information, such as dates of birth, home addresses and social media accounts, they provide a treasure trove of data that can be used in subsequent phishing attacks and identity fraud.
Figure 1. A list of stolen credentials for sale, as recently spotted by Jake Moore of the ESET team.
How does my data end up on the dark web?
There are several ways your data could end up on a forum or website on the dark web.
- Data breaches in organizations: Your data has been stolen from an organization you've worked with that has collected your data in the past. In the US, 2023 was a record year for data breaches of this type: more than 3,200 incidents at organizations resulted in the breach of data belonging to over 353 million customers.
- Phishing attacks: One of your online accounts (e.g. email, bank, social media) is compromised through a phishing attack. An email, SMS or message that looks legitimate contains a link that may install information-stealing malware or trick you into entering your personal information and/or login details (e.g. a fake login page for Microsoft 365).
- Credential stuffing: An online account is compromised through a brute-force attack (credential stuffing, dictionary attack, etc.), where hackers guess your password or use logins already compromised on other sites. Once they get into your account, they steal more personal information stored there to sell or use.
- Information-stealing malware: Your personal data is stolen through information-stealing malware, which can be hidden in apps and downloadable files (such as pirated movies/games), phishing attachments, malicious ads, websites, etc.
Figure 2. PayPal and credit card accounts for sale, as detected by ESET researchers.
However criminals manage to obtain your data, it could then be given or sold to a cybercrime website on the dark web. Depending on the type of data, whoever gets their hands on it will likely use it to:
- Hack into your bank accounts to steal more information including bank/card details.
- Design more convincing phishing messages that use some of the stolen information in an attempt to get you to give them more personal information.
- Hack into your email or social media accounts to spam friends and contacts with malicious links.
- Commit identity fraud.
Figure 3. Cybercriminals give step-by-step instructions.
How can I check it?
If you subscribe to an identity protection or dark web monitoring service, it should flag any Personally Identifiable Information (PII) or other data it finds on the dark web. Tech companies like Google and Mozilla will also notify you when a saved password has been found in a data breach or needs to be updated to a more secure, harder-to-crack version.
Importantly, dark web monitoring is often also part of a range of services provided by security vendors, whose products obviously come with many other benefits and are a critical element of your personal security.
Alternatively, you could proactively visit a website like HaveIBeenPwned, which has compiled large lists of compromised email addresses and passwords that can be safely searched.
What should I do if my information has been stolen?
If the worst happens and you find that your data has been exposed and is being trafficked on the dark web, consider taking emergency measures such as:
- Change all passwords on your accounts, especially those that have been compromised, with strong, unique credentials.
- Use a password manager to store and recall saved passwords and passphrases.
- Enable two-factor authentication (2FA) on all accounts that offer it.
- Notify relevant authorities (law enforcement, social media platform, etc.).
- Make sure all your computers and devices have security software installed from a trusted vendor.
- Freeze your bank accounts (if necessary) and apply for new cards. Watch the cards for any unusual purchases.
- Watch for other unusual activity on accounts, such as inability to log in, changes to security settings, messages/updates from accounts you don't recognize, or logins from strange locations and times.
Long-term security
To prevent being targeted by cybercriminals in the future:
- Be wary of sharing too much information online.
- Review the security/privacy settings of your social media accounts.
- Activate "stealth mode" - that is, when necessary, use options such as disposable email addresses to avoid giving out your personal information.
- Never respond to emails, texts or calls from strangers you don't recognize – especially those that try to pressure you into immediate action without thinking it through first.
- Use strong and unique passwords on all accounts, and enable a strong form of 2FA on those that offer it for added protection.
- Invest in a reliable dark web monitoring service that will alert you to personal information being trafficked and potentially allow you to take action before cybercriminals can use your data.
Having your personal information and/or identity stolen is not very pleasant. It can be a traumatic, stressful experience that can take weeks or months to resolve. Find out what's lurking on the dark web right now and you might never get to that stage.