How to Find Out Whether Your Information is Being Sold on the Dark Web
Your data is worth dollars, and cybercriminals may be making bank on it on the dark web.
It’s an unfortunate reality that cybercriminals are scavenging the Internet for data that they can sell on darknet marketplaces and hacker forums. That’s not a conspiracy theory or paranoia. That’s a fact.
Sticking to basic cybersecurity and password best practices will go a long way in protecting your data. However, corporate data breaches have become so common that the chance of at least some of your data being out there is actually quite high, and increasing.
So, how do you know if your data is for sale?
Let’s dive into that!
Since you don’t want to spend hours of your time scouring darknet forums and marketplaces looking for your data, let me introduce you to two things: dark web scans and haveibeenpwned.
What is a Dark Web Scan?
A dark web scan is a service that searches for your personal information on the dark web to see if cybercriminals are selling it.
However, not all dark web scans are created equal.
As you can probably imagine, the free options you find online are not always as powerful as the high-end paid versions.
Examples of (paid & free) dark web scanning and monitoring software include:
The thing with commercial dark web monitoring software, which typically focuses on identity theft and bank account breaches, is that - for the most part - they only scratch the surface. Moreover, you are - ironically - handing over more data to companies that could suffer data breaches. Experian, for example, had a massive data breach that affected 24 million of their customers.
Don’t get me wrong. I am not saying these services are pants. I am just saying there are pros and cons.
So what else can you do?
DIY Data Breach Checking using HAVEIBEENPWNED
Arguably the easiest way to find out if your personal data (notably accounts linked to your email addresses) have been breached is to use the platform haveibeenpwned.com.
HaveIBeenPwned.com is “a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.”
All you have to do is type in your email address, and it will show you if it has appeared in any database breaches.
So, let’s try it. :)
OK, so that’s good news.
The email I use for my newsletter has not been found in any data breaches.
Now, let’s try me try a different email address….
Oops!
17 data breaches. Ouch!
However, going through the list of breaches and potential breaches, which are listed when you scroll down on the site, I am aware of (almost) all of them. And since I regularly change my password and use a password manager, I am not worried about these breaches.
Nonetheless, before publishing this issue of A Little Bit of Anarchy, I changed the password again. Just to be safe. :)
So, go on, put in your email, and have your day ruined. :)
And then, change your password.
Peace, love, and anarchy,
Alex Lielacher