Most of us use the surface web when we’re online, but below this realm exists multiple other layers, including the dark web. The dark web is an amalgamation of harmful and harmless sites, but its huge holding of stolen personal information has long-since posed a cybersecurity threat to individuals and organizations alike.
But just how common is it for one’s personal data to be found on the dark web, and what can you do if you find your sensitive information is up for sale on a malicious platform?
Why Is There Personal Data on the Dark Web?
When we imagine valuable things, we tend to think of jewelry, cars, tech devices, and other pricey products. But what many people don’t know is that personal data is hugely valuable. As we’ve become increasingly dependent on technology, our money and private data is, more often than not, stored in the digital space. We now make payments and financial changes online, secure our passwords on our phones, and provide other kinds of personal data to companies when asked for it (such as our driver’s license, social security number, or contact information).
As the years have passed, the internet has become the home of unimaginably huge amounts of data. Even in offline spaces, masses of data reside, such as on flash drives, personal computers, and similar. In short, digital data is an inherent part of our society, and it’s the power it holds that lures in cybercriminals.
Let’s say you provide your credit card information to an e-commerce site, and decide to save it for future purchases. Due to some stroke of bad luck, nifty hackers, or poor cybersecurity measures, the company’s internal systems get hacked. The hackers manage to access the company’s database of user payment details, which includes your credit card information. The cybercriminal can now use your card details to make purchases using your money.
On the other hand, the cybercriminal could take the information they’ve stolen and put it up for sale on a dark web data marketplace.
That’s right. There are numerous data sale platforms on the dark web, wherein hackers can make a profit selling the information they’ve gathered to another malicious actor. If a dark web user fancies buying your credit card information, they can do so, which allows them to spend your money without your knowledge or permission.
How Data Is Sold on the Dark Web
There are many different kinds ofdata that can be bought or sold on the dark web, including:
A 2022NordVPN studyfound that 43 percent of dark web data listings consisted of personal documents, such as driving licenses, passports, and social security numbers. Another 39 percent of information comprised financial details, such as crypto and bank account logins, and, most notably, payment card data.
NordVPN also found that payment card details, driving licenses, and full personal identity datasets were the three most common items up for sale on these marketplaces.
A cybercriminal may want such information to hack a victim, or may be looking to commit identity fraud. Either way, the outcome is bad news.
A lot of dark web data isn’t awfully expensive, either. A criminal doesn’t have to spend thousands of dollars for some login details or payment card information. Depending on the platform being used, data can be bought for less than $100.
When a criminal finds the data they want, they usuallypay for it with cryptocurrency, specifically Bitcoin, Litecoin, Monero, or Zcash. Cryptocurrencies offer higher privacy levels than traditional money, and this is especially the case for privacy coins, which conceal wallet addresses and make transactions untraceable.
How to Tell if Your Data Is on the Dark Web
The best way to find out whether your data is being sold on the dark web is to use a monitoring tool.
Nowadays, a number of antivirus programs offer dark web monitoring as part of their paid service. Take Norton, for example. This antivirus provider’s dark web monitoring tool scans dark web forums for your personal information, and notifies you if it gets a match.
As you can see below, Norton lets you enter a range of different details for dark web monitoring.
However, there is a caveat here. Norton, as well as any other antivirus provider, cannot remove your information from the dark web. All it can do is alert you of its presence.
Unfortunately, it’s not easy to get your data removed from the dark web. Of course, you can’t just ask the original seller, as they have no intention of obeying your wishes. Additionally, it’s very tough to locate exactly where your information is being sold. Accessing the dark web is risky business, and it’s not safe to do so unless you’re fully aware of the dangers and have top-level security on your side.
So, in this case, prevention is better than cure. But can anything be done to prevent your data ending up on a dark web marketplace?
How to Keep Your Data Off the Dark Web
It’s impossible to guarantee the safety of your data, but there are a number of things you can do to lower the chance of it ending up on a dark web marketplace.
1. Don’t Shop on Shady Sites
Lacking security makes a site an easier target for hackers, who stand a chance of accessing your personal data if you’ve already opened an account with the site. Alternatively, a site may have malicious operators whose sole focus is the theft of user data. These operators may head to a dark web platform to make a profit from your data, while you are completely unaware.
2. Be Vigilant of Phishing Emails
Phishing is one of the leading causes of data theft, and is often conducted via email. When a victim fully interacts with a phishing email (i.e. they open a malicious link and enter personal data, or open a malicious attachment), trouble will likely follow. Cybercriminals use phishing to trick victims into essentially giving their data away, often via malicious dupe websites that are designed to look like an official, trusted platform.
There are anumber of red flags that a phishing email may contain, including:
3. Store Your Data Securely
If you store any kind of sensitive data digitally, such as passwords, health records, or a photo ID, make sure you’re doing so securely. Using your computer or smartphone’s notes or word document app simply isn’t enough, as these applications are not designed to remain protected.
Using a flash drive is one way of securing your data, especially if it’s an encrypted USB stick. Of course, this should always be stored in a secret location when not in use.
You should also considerusing a reputable password managerto store your login credentials. Many password managers also allow you to store other kinds of sensitive data, such as bank account details, passport details, social security numbers, or authentication codes. Dashlane, NordPass, and Bitdefender are three great examples of reliable password managers that use multiple security protocols to keep your data safe.
4. Limit App Permissions
The apps you use will often collect various kinds of user data, such as location, contact details, IP address, and device information. Some platforms allow you to choose what kind of data is collected about you, and you can often control this in the app’s permissions section. Limiting access to certain parts of your device, such as your emails, GPS location, or contacts, can help you mitigate damages if the app you’re using suffers a data breach.
The Dark Web’s Data Market Is Huge
While many of us would like to think that we’re completely detached from the dark web, this simply isn’t the case. Even if you’ve only ever used the surface web, your data is still vulnerable, and may end up on an illicit marketplace, sold off to the highest bidder. While this can never be fully avoided, there’s plenty you may do to secure your data as much as possible, keeping it out of the hands of cybercriminals.
