When I received an email that read, “Information about you may have been exposed on the dark web,” I had so many questions. What does this mean? What do I do? How do I protect myself? I logged on to my identity theft protection service to find the answers to my questions.
The website clearly and concisely explained what they found and what I should do. It read:
What is this notification and why are you receiving this?
The exposed information is potentially associated with the website/service sharethis.com. In the past you may have signed up for sharethis.com or provided the information to a service that is in some way associated with sharethis.com.
It may be difficult for you to remember – or you simply may not know – other services are associated with sharethis.com. What is important to know is that information belonging to you appears as if it is being shared improperly on the dark web.
Exposed information from data breaches, hacking incidents or leaked information, can be bought and sold on the dark web as “lists.” The buying and selling activity by identity thieves may occur months to years after it was actually exposed in a security incident.
Even though you may have stopped using sharethis.com, or perhaps deactivated the account, or maybe unsubscribed, the information could still be available in their systems.
The site sharethis.com had been reported in February 2019 to possibly have suffered a data exposure that could include names, usernames, emails and passwords.
Any personally identifiable information that has been taken during a breach, hacking incident or leaked information is referred to as exposed. This data may show up on the dark web where cybercriminals look to sell this information to make money. Exposed information does not yet necessarily mean that it has been used to hack into your account or to commit identity theft.
The following information has been exposed on the dark web; even though you have not provided this information to us, it may be associated with your identity. Note that stolen data on the dark web can often be outdated or unrelated to you.
Additional Exposed Information
Password, Full name
What can you do next?
Being proactive with best practices and next steps, such as the following, can help:
• Change the password associated with the affected website or any other site that uses that password.
• If you do not remember your password, perform a password reset on the site.
Review your credit report, watch for new credit inquiry alerts or suspicious activity, and consider freezing your credit file.
The good news, I have never used that website before. My personal information was not exposed, but this was a great reminder to change passwords and ensure the sites I do use are secure.
However, I still had so many other questions starting with, “What is the dark web?” I found out the world wide web has three different levels and the content is based on the access available and common purposes.
Information you readily find on public search engines such as Google™ or Microsoft® Bing. Most internet users spend their time at this level shopping, searching for information, and sharing photos and videos on social media.
The Deep Web
The deep web is the next level. These sites are not indexed by search engines, meaning they will not show up in search results using Google or other publicly available search engines. Examples of deep web content includes:
• Internal company sites
• School intranets
• Online databases
• Member-only websites or pages which require a subscription or payment to access
These sites are found in the deep web level because the sites are only intended for member–access – such as those behind paywalls or which require authentication. While the name may sound menacing, most deep web sites are legitimate and lawful, just hidden from or not indexed by any public browsers on purpose. Sometimes the deep web is referred to as a “bad” place only because it is being confused with the dark web.
The Dark Web
Below the deep web lies the dark web. The dark web is a hidden network of websites which are inaccessible through standard browsers or methods. Accessing it often requires special resources or browsers. Those who do access the dark web do so with a high degree of anonymity since the browsers they use mask their true identities by hiding their IP address. This is contrary to what occurs on the public web.
Visitors of a website on the public web records or reveals the users IP addresses, then tracks online activity. On the dark web, masking software installed on the computer routes the connection through a randomized path to its destination, bouncing around a number of encrypted connections. Ultimately, the process masks both the location and identity of the person searching or accessing the dark web.
Since users and their locations are hidden, it is no surprise the dark web can be a haven for all kinds of illicit activity; including the tracking of stolen personal information captured through means such as data breaches or hacks. Reams of personal information is often posted on the dark web for sale to criminals up to no good.
On the dark web, people looking for this information can get access to records referred to as “fullz” because they include the full package for fraudsters to wreak havoc on someone’s credit or worse. The “fullz” includes their full name, Social Security Number, birth date, account numbers and other sensitive data. These criminals can make a decent living by selling, buying and using other people’s personal information.
How Can You Protect Yourself from the Dark Web?
People often are not worried about the dark web until something like a data breach happens and they are notified their information was stolen. There is no absolute way to keep your information off the dark web because hackers are always trying the latest scheme to get your information and sell it to those looking to pay for it. You can be vigilant about looking for red flags:
• Monitor your accounts and statements for any charges or changes you did not make
• Check your credit report regularly for new accounts or activity you did not authorize
• Use strong passwords
• Consider an online product to help you protect your identity and monitor your credit
• Know how to respond immediately to suspicious activity
• Do not reuse passwords across multiple sites
• Enable multi–factor authentication if websites offer that as an option Fraudsters are always up to no good and we see it daily under our Title Company umbrella. By staying on top of potential issues, you can help minimize the impact if your personal information falls into the wrong hands.
Article provided by contributing author:
Diana Hoffman, Corporate Escrow