Written by Craig Lurey
There are currently over 24 billion exposed credentials circulating the dark web, according to a 2022 report by Photon Research Team. In fact, the markets selling compromised credentials are even offering cybercriminals subscription services for purchasing these usernames and passwords. No wonder there has been a 65% increase in exposed credentials on the dark web since the last time this report was conducted in 2020.
Once your employees’ credentials are on the dark web, your entire company can be at risk. Typically, cyberattackers use Tor browsers to access the dark web and partake in illegal activity. If your personal information is available on the dark web, there is a risk that you or your team’s identities could be involved in something criminal.
Here is what you need to do if your information is found on the dark web.
Any sensitive information on the dark web can potentially lead to a significant problem in your personal or professional life. Not sure where to begin? Use the steps below as a checklist of what you should do if your personal details are ever found on the dark web.
Before you take action and start immediately changing your passwords, conduct a complete scan of your computer. First, you must determine if your devices are infected in any way. If your computer is infected with malware, creating new passwords will be a waste of time since they will still get logged in by unauthorized software.
Run antivirus software and an anti-malware program on your computer. If you currently do not have one installed on your device, free options such as BitDefender for Windows and Avast for Mac are available online.
Once you run your antivirus software, review the threats and take action to remove the virus or malware. Your software should take you through these steps. After clearing your computer of viruses, you can proceed with the next step.
Update your credentials immediately. Change all passwords associated with the breached email address or account. If your device was compromised, you should update all of your online accounts. Not sure how to create a unique password? Use these tips below to create a strong password:
Be sure to avoid:
After strengthening your password security, enable Two-Factor Authentication (2FA) on your accounts for added protection.
One email address on the dark web may not compromise all your online accounts, but it is better to be safe than sorry.
Get a copy of your credit report from one of the three credit bureaus. Check your online bank accounts for any suspicious activity by logging into the account or calling a branch directly. If you do not feel comfortable logging into the account with a potentially infected computer, log into the account through your mobile device using mobile data.
Using data is less risky than using a potentially compromised WiFi connection. Alternatively, call your bank, credit card issuers and credit firms and talk to them directly to see if any accounts have been compromised.
If you encounter strange activity, ask the institution to close the account. Your bank and credit card lenders should be able to shut down any compromised accounts and open new ones for you. Place a security freeze on your credit. Freezing your credit will prevent a cyberattacker from accessing your credit report and opening up new credit cards or loans under your identity. Additionally, they can assist you in setting up security alerts so that you will be alerted of any suspicious activity in the future.
If your information made its way to the dark web, it means there is a weak spot in your company’s cybersecurity. Once you have determined how your information was leaked on the dark web, implement policies to prevent it from happening again.
According to Verizon’s 2022 Data Breach Investigation Report, 82% of data breaches in 2021 involved a “human element.” This included acts such as falling for phishing attacks, reuse of stolen credentials, insider misconduct or simply causing a configuration error. It is critical to educate your employees to protect your company. For example, if an unauthorized user obtained your credentials through a phishing attack, consider holding a team-wide info session on how to spot a phishing email.
In fact, there were 1,025,968 phishing attacks in the first quarter of 2022 — a 15% increase from the fourth quarter of 2021, according to the Phishing Activity Trends report by the Anti-Phishing Working Group. It’s essential to stay updated on the latest cybersecurity news and be aware of cyberattackers’ tactics to fool their victims.
Be diligent in your actions moving forward. Don’t click on questionable hyperlinks. Only make transactions on credible websites. Clean up your browser extensions and adjust your permissions. Keep reading to learn how to prevent your sensitive information from ending up on the dark web again or even in the first place.
Strengthening your security posture is the best form of defense from attackers. Follow these recommendations to prevent your information from making its way to the dark web.
Weak passwords and password reuse are some of the leading causes of compromised accounts. Results from Keeper’s 2022 Password Practice Report found that:
Password managers help combat weak passwords by auditing your password security and notifying you of any weak or repeated passwords. Password management tools also provide a password generator that creates strong passwords for you. Your credentials are stored in a digital vault to save you time from having to memorize them. Autofill prevents you from typing out your login details, stopping keylogging software.
Additional features such as dark web monitoring or advanced reporting and alerts can bolster your security for added protection. Watch the video to learn more about dark web monitoring.
Multi-Factor Authentication (MFA) can prevent 99.9% of password-related cyberattacks on your accounts, according to Microsoft. Require your employees to enable MFA on all accounts that support it.
Even if a cybercriminal does get a hold of a set of company credentials, MFA blocks the unauthorized user from accessing your account further. Once the attacker attempts to log in, MFA may prompt them to:
In 2022, many companies have switched to a remote or hybrid model, so teams must practice password hygiene wherever they are. Public WiFi can expose you and your team to risks to your security and information. Public WiFi users are susceptible to a Man-in-the-Middle (MITM) attack, where an attacker uses the public WiFi connection to gain access to your browser or app and access your data.
It would help if you used a private connection to keep your records safe when working off-site. If you must use public WiFi, then also use a VPN. Read more on some top password hygiene best practices for working remotely.
A dark web monitoring tool like BreachWatch helps you and your team stay alert in case any email addresses or data makes its way to the dark web. Scan your email for free to see your cyber risk.
Want to see how Keeper can protect your organization? Start your 14-day free business trial and see why thousands of enterprises use our password management platform.
Yes. Once your information has made its way to the dark web, any online accounts associated with the compromised details are at risk. The severity of the situation can range from a breached online account to full-on identity theft. Take precautions to ensure that your private information is secure.
There are infinite ways that information can make its way to the dark web. Among other tactics, cyberattackers use malware, phishing emails, brute force attacks and social engineering to get their hands on credentials.
Additionally, check to see if any data breaches involved any cloud platforms you use. This may be another reason for compromised credentials.
Removing your information from the dark web would be virtually impossible. This would require you to get in touch with the person that leaked the information in the first place and request that they remove it. Given the anonymity of the dark web, tracking the culprit would be a near-impossible task.
You can use a dark web monitoring tool to notify you whenever your email or personal information is found on the dark web. The notification allows you to take action instantly before a cyberattacker has an opportunity to cause any damage.
You May Also Like
The safest way to send your Social Security number (SSN) is by using a password manager. A password manager is a tool used to keep passwords and other sensitive data secure at all times. A little-known...
Choose Language