SEARCH
SHARE IT
How did 44% members of the European Parliament (MEPs) and 68% of British MPs let their personal details end up circulating on the dark web? The answer is simpler and possibly more alarming than you may think: many will have signed up to online accounts using their official email address, and entered additional personally identifiable information (PII). They will then have been helpless as that third-party provider was breached by cybercriminals, who subsequently shared or sold the data to other threat actors on the dark web.
Unfortunately, this is not something confined to politicians or others in the public eye and it’s not the only way one’s data can end up in the internet’s seedy underbelly. It could happen to anyone – possibly even when they do everything correctly. And frequently, it does happen. That’s why it pays to keep a closer eye on your digital footprint and the data that matters most to you.
First things first: Contrary to popular assumption, the dark web is not illegal and it’s not populated solely by cybercriminals. It merely refers to parts of the internet that aren’t indexed by traditional search engines: a place where users can roam anonymously using Tor Browser.
However, it’s also true to say that today’s cybercrime economy has been built on a thriving dark web, with many of the dedicated forums and marketplaces visited by cybercriminals in their droves while being hidden from law enforcement. (That said, some of the nefarious activities have increasingly been spilling onto well-known social media platforms in recent years.)
As an enabler for a criminal economy worth trillions, the dark web sites allow threat actors to buy and sell stolen data, hacking tools, DIY guides, service-based offerings and much more – with impunity. Despite periodic crackdowns by law enforcement, these sites continue to adapt, with new platforms emerging to fill the gaps left as previous incumbents are dismantled by the authorities.
When Proton and Constella Intelligence researchers went looking, they found that a staggering two-fifths (40%) of British, European and French parliamentarians’ email addresses were exposed on the dark web. That’s nearly 1,000 out of a possible 2,280 emails. Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites. When combined with other exposed information including dates of birth, home addresses, and social media account handles, they provide a treasure trove of identity data that can be used in follow-on phishing attacks and identity fraud.
There are various ways your own data could end up in a dark web forum or site. Some may be the result of negligence while many others are not. Consider the following:
However the bad guys get hold of your data, once it’s shared on a dark web cybercrime site it could then be given away or sold to the highest bidder. Depending on the type of data, whomever gets hold of it will likely use those logins and PII to:
If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web. Tech companies, including Google and Mozilla, will also alert you when a saved password has been found in a data breach, or may require updating to a more secure, harder-to-guess version.
Importantly, dark web monitoring is often also part of a range of services provided by security vendors, whose products obviously come with many other benefits and are a critical component of your personal security stack.
Alternatively, you could proactively visit a site like HaveIBeenPwned, which has compiled large lists of breached email addresses and passwords that can be securely queried.
If the worst happens and, like a British politician, you find your data has been exposed and is being traded on the dark web, what happens next? In the short term, consider taking emergency steps such as:
To avoid being hit in the future, consider:
It’s not much fun having your personal information and/or identity stolen. It can be a traumatic, stressful experience which may last weeks or months before a resolution. See what’s lurking out there on the dark web right now and it may never get to that stage.
MORE NEWS FOR YOU