It is a scary realization, but your digital identity might be up for grabs to the highest bidder on the dark web.
Up to 25 billion phone numbers, email addresses, credit card details and log-in details were on sale last year, according to a report from the Digital Shadows Photon Research team, ‘Account Takeover in 2022.’
Criminals can buy goods using your bank account, receive medical care on your health insurance and even commit crimes under your name.
While you cannot remove your information from the dark web, you can see if it is on its black market.
Cybersecurity experts recommend using scanners and websites which search the dark web on your behalf.
Your personal data could be up for grabs on the dark web. There are websites, scanners and password managers that will let you know if it is
Users can go to websites like ID Security and Have I Been Pwned that will use your email address or phone number to see if you are on the dark web.
Password managers like LastPass and Apple’s Keychain show if your passwords have been compromised or overused by scouring the black market and alerting users how many times their passwords appear.
The dark web is one of three layers of the internet – the other two are the surface and deep web.
Unlike the world wide web, the dark web cannot be accessed through search engines.
Users need an anonymizing browser called Tor – short for The Onion Router – a seething matrix of encrypted websites that allows users to surf beneath the everyday internet with complete anonymity.
It uses numerous layers of security and encryption to render users anonymous online, opening users up to a lawless land where child pornography, human trafficking, assassins for hire and other illegal goods are easily accessed.
And it is the go-to place to buy and sell people’s personal information.
About 6.7 billion of the offerings on the dark web in 2022 ‘had a unique pairing of username and password, indicating that the combination was not duplicated across databases, according to a report from the Digital Shadows Photon Research team.
This data is collected through data breaches of large organizations, such as banks, medical facilities and credit card companies.
HaveIBeenPwned is a way to check if your information may have been collected during a hack.
This website covers over 11 billion stolen records
Indiana University cybersecurity program director Scott Shackelford told CBS: ‘Just put in your email address and it shows how many times that email account has shown up in breaches and how many times it’s appeared, for example, on the dark web.’
There is also the option of paying for a dark web monitor, which continuously scans the dark web for your data, such as Aura, LifeLock and ID Watchdog.
Most of these services charge $10 a month, on average.
However, due to criminal activity, dark web scanners cannot cover all the stolen data across the entire dark web.
This is because most of the stolen data is traded privately.
Password managers also monitor the dark layer of the internet and send users alerts if their credentials are compromised.
Apple’s keychain encrypts account names and passwords for your Mac, apps, servers, and websites, and confidential information, such as credit card numbers or bank account PIN numbers.
When you access a website, email account, network server, or another password-protected item, you can save the password in your keychain so you do not have to remember or enter the password each time.
Cybersecurity experts recommend using scanners and websites, like ID Security and Have I Been Pwned, which search the dark web on your behalf
Password managers like LastPass and Apple’s Keychain show if your passwords have been compromised or overused
And it also blocks it from being seen by preying eyes online but notifies you if your passwords have been compromised.
‘When you first log in, it says, for example, 25 times this information has appeared in breaches, and that can prompt you to be a little more proactive and change those passwords,’ Shackelford told CBS.
Users daring enough to venture onto the dark web to search for their own information can do so by downloading Tor.
‘Unlike ‘dot com’ for example, all these end in ‘dot onion’ because it’s a different type of protocol to get you there,’ Shackelford said.
The birth of the dark web occurred around 2000 with the release of Freenet, a thesis project of University of Edinburgh student Ian Clarke, who set out to create a ‘Distributed Decentralized Information Storage and Retrieval System.’
Clarke wanted to create a new way to communicate anonymously and share files online, which was the basis for the Tor Project, released in 2002.
The US Navy developed ‘dot onion’ to avoid detection and surveillance while operating online.
However, navigating Tor is really only possible for seasoned dark web users.
‘You don’t actually go to web domains like ‘criminal-dot-onion’ something like that,’ Shackelford said.
‘They’re all anonymized, so they’re all just strings of numbers and letters, so it’s actually quite tough to find a lot of these.’
