Where does data go once it’s stolen in a data breach? We often hear how many records were compromised in a breach when it makes the news, but it’s not always clear what happens after that.
Hackers that steal thousands of records in a database are rarely just going to use those themselves to perpetrate identity theft or credential compromise on all those victims. Most likely, they are going to use it as a product to sell on the Dark Web.
The Dark Web is often referred to as an online marketplace where stolen personal information can be sold, along with many other illicit items. While illegal marketplaces do proliferate on the Dark Web, it’s more than just the scammer’s version of Amazon.
What Is the Dark Web?
The internet consists of two main areas:
- The main internet that we all see and use regularly (Clear Web)
- Pages that are hidden from being indexed by the search engines (Deep Web)
Where does the Dark Web come in? The Dark Web makes up a portion of the Deep Web.
Not everything on the Deep Web is dangerous or connected to illegal activity. Organizations hide pages from being indexed by Google and other search engines for all sorts of good reasons.
For example, you may be hosting internal “company eyes only” documents on your web server and don’t want those to be found in a random web search. Some companies with paid subscription content will also hide those paid pages from being indexed.
The Dark Web is different. It consists of websites that aren’t even designed to be accessed by normal web browsers (Chrome, Edge, Safari, etc.). Sites on the Dark Web end in the .onion address and you need specific software to access those sites.
While there can be legitimate sites on the Dark Web, it’s mainly used for illegal activities, and a big one is the buying and selling of stolen information.
How Much Does Data Sell for on the Dark Web?
No one is immune from having their data compromised. Being a smaller company doesn’t provide any protection either. Approximately 43% of cyber attacks are aimed at small businesses.
Smaller companies may not have millions of employee or customer records like enterprise corporations, but hackers often have less work to do to break in. Unfortunately, SMBs often don’t pay as much attention to their cybersecurity as they should.
In 2019, there was a 424% increase in data breaches at small businesses.
Why does everyone want your data?
Because it’s quite lucrative if they set up shop and sell it on the Dark Web. Some of the going rates for stolen data include:
- PayPal account login: from $5 to $1,767
- Stolen credit card details: up to $1,000
- Stolen login credentials: $14-$20
Just about any type of data can fetch some type of price, especially if a hacker can cross-reference other data for the same person or company to build out a full profile for identity theft.
Where Does The Data Come From?
Data sold on the Dark Web comes from both major publicized data breaches (Facebook, Mariott, etc.) as well as persistent attacks that fly under the radar.
You can have your data breached through a company that you’ve done business with that suffers a breach. You may also have a hacker in your system using spyware and not even realize your emails or other data is being siphoned off regularly.
Data is a commodity on the Dark Web, and it comes from the databases and cloud accounts of various organizations. It can be stolen using standard phishing attacks (the most popular method) or brute force attacks through poorly defended networks.
How Do I Know if My Data Is for Sale on the Dark Web?
Dark Web monitoring services will help alert you if any of your data or your company’s data (such as name, email address, phone number, address) are found in any of the major Dark Web marketplaces.
These services can’t stop your information from being bought and sold, but they can alert you so you can take the appropriate precautions. This may include having your bank card canceled and reissued, changing your passwords, etc.
One other place to keep an eye out is the password security area of your browser. Both Chrome and Edge have recently added password monitoring that alerts you if any of your saved or entered logins have been involved in a known data breach.
Is Your Team Using Good Password & Data Security?
Putting good password practices (like two-factor authentication) and strong data security in place can help you protect yourself from a breach. Leverage IT Group can help your DFW area business will a full security assessment and recommendations.
Contact us today to schedule a free consultation. Call (469) 458-0559 or reach us online.