There are currently over 24 billion exposed credentials circulating the dark web, according to a 2022 report by Photon Research Team. In fact, the markets selling compromised credentials are even offering cybercriminals subscription services for purchasing these usernames and passwords. No wonder there has been a 65% increase in exposed credentials on the dark web since the last time this report was conducted in 2020.
Once your employees’ credentials are on the dark web, your entire company can be at risk. Typically, cyberattackers use Tor browsers to access the dark web and partake in illegal activity. If your personal information is available on the dark web, there is a risk that you or your team’s identities could be involved in something criminal.
Here is what you need to do if your information is found on the dark web.
What to Do After Your Information Is on the Dark Web
Any sensitive information on the dark web can potentially lead to a significant problem in your personal or professional life. Not sure where to begin? Use the steps below as a checklist of what you should do if your personal details are ever found on the dark web.
1. Scan Your Computer for Viruses and Malware
Before you take action and start immediately changing your passwords, conduct a complete scan of your computer. First, you must determine if your devices are infected in any way. If your computer is infected with malware, creating new passwords will be a waste of time since they will still get logged in by unauthorized software.
Run antivirus software and an anti-malware program on your computer. If you currently do not have one installed on your device, free options such as BitDefender for Windows and Avast for Mac are available online.
Once you run your antivirus software, review the threats and take action to remove the virus or malware. Your software should take you through these steps. After clearing your computer of viruses, you can proceed with the next step.
2. Change Your Passwords
Update your credentials immediately. Change all passwords associated with the breached email address or account. If your device was compromised, you should update all of your online accounts. Not sure how to create a unique password? Use these tips below to create a strong password:
Increase the character length
Combine uppercase and lowercase letters
Incorporate numbers and special symbols
Be sure to avoid:
Using real words
Incorporating personal details such as special dates or names
Reusing passwords across multiple accounts
After strengthening your password security, enable Two-Factor Authentication (2FA) on your accounts for added protection.
3. Check Your Financial Accounts
One email address on the dark web may not compromise all your online accounts, but it is better to be safe than sorry.
Get a copy of your credit report from one of the three credit bureaus. Check your online bank accounts for any suspicious activity by logging into the account or calling a branch directly. If you do not feel comfortable logging into the account with a potentially infected computer, log into the account through your mobile device using mobile data.
Using data is less risky than using a potentially compromised WiFi connection. Alternatively, call your bank, credit card issuers and credit firms and talk to them directly to see if any accounts have been compromised.
If you encounter strange activity, ask the institution to close the account. Your bank and credit card lenders should be able to shut down any compromised accounts and open new ones for you. Place a security freeze on your credit. Freezing your credit will prevent a cyberattacker from accessing your credit report and opening up new credit cards or loans under your identity. Additionally, they can assist you in setting up security alerts so that you will be alerted of any suspicious activity in the future.
4. Adjust Your Cybersecurity Processes and Practices
If your information made its way to the dark web, it means there is a weak spot in your company’s cybersecurity. Once you have determined how your information was leaked on the dark web, implement policies to prevent it from happening again.
According to Verizon’s 2022 Data Breach Investigation Report, 82% of data breaches in 2021 involved a “human element.” This included acts such as falling for phishing attacks, reuse of stolen credentials, insider misconduct or simply causing a configuration error. It is critical to educate your employees to protect your company. For example, if an unauthorized user obtained your credentials through a phishing attack, consider holding a team-wide info session on how to spot a phishing email.
In fact, there were 1,025,968 phishing attacks in the first quarter of 2022 — a 15% increase from the fourth quarter of 2021, according to the Phishing Activity Trends report by the Anti-Phishing Working Group. It’s essential to stay updated on the latest cybersecurity news and be aware of cyberattackers’ tactics to fool their victims.
Be diligent in your actions moving forward. Don’t click on questionable hyperlinks. Only make transactions on credible websites. Clean up your browser extensions and adjust your permissions. Keep reading to learn how to prevent your sensitive information from ending up on the dark web again or even in the first place.
How to Prevent Your Information from Ending up on the Dark Web
Strengthening your security posture is the best form of defense from attackers. Follow these recommendations to prevent your information from making its way to the dark web.
34% of respondents aged 45-54 have trusted their partner/spouse with their passwords.
56% of respondents are guilty of password reuse and use the same password for multiple sites/apps.
24% of respondents aged 18-24 use their birthday when creating passwords.
Password managers help combat weak passwords by auditing your password security and notifying you of any weak or repeated passwords. Password management tools also provide a password generator that creates strong passwords for you. Your credentials are stored in a digital vault to save you time from having to memorize them. Autofill prevents you from typing out your login details, stopping keylogging software.
Even if a cybercriminal does get a hold of a set of company credentials, MFA blocks the unauthorized user from accessing your account further. Once the attacker attempts to log in, MFA may prompt them to:
Enter a verification code delivered via SMS or email
Provide a biometric scan of their fingerprint
Answer personal security questions based on employee
Avoid Public WiFi
In 2022, many companies have switched to a remote or hybrid model, so teams must practice password hygiene wherever they are. Public WiFi can expose you and your team to risks to your security and information. Public WiFi users are susceptible to a Man-in-the-Middle (MITM) attack, where an attacker uses the public WiFi connection to gain access to your browser or app and access your data.
How Keeper Can Protect Your Organization from the Dark Web
A dark web monitoring tool like BreachWatch helps you and your team stay alert in case any email addresses or data makes its way to the dark web. Scan your email for free to see your cyber risk.
Want to see how Keeper can protect your organization? Start your 14-day free business trial and see why thousands of enterprises use our password management platform.
Frequently Asked Questions
Is the dark web a real threat to my private information?
Yes. Once your information has made its way to the dark web, any online accounts associated with the compromised details are at risk. The severity of the situation can range from a breached online account to full-on identity theft. Take precautions to ensure that your private information is secure.
How did my email get on the dark web?
There are infinite ways that information can make its way to the dark web. Among other tactics, cyberattackers use malware, phishing emails, brute force attacks and social engineering to get their hands on credentials. Additionally, check to see if any data breaches involved any cloud platforms you use. This may be another reason for compromised credentials.
Can your information be removed from the dark web?
Removing your information from the dark web would be virtually impossible. This would require you to get in touch with the person that leaked the information in the first place and request that they remove it. Given the anonymity of the dark web, tracking the culprit would be a near-impossible task.
How do I know if my email is on the dark web?
You can use a dark web monitoring tool to notify you whenever your email or personal information is found on the dark web. The notification allows you to take action instantly before a cyberattacker has an opportunity to cause any damage.
Craig Lurey
Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.
Get the latest cybersecurity news and updates sent straight to your inbox
Share this blog
You May Also Like
How To Send Your Social Security Number Safely
The safest way to send your Social Security number (SSN) is by using a password manager. A password manager is a tool used to keep passwords and other sensitive data secure at all times. A little-known...