After The Breach: What Happens to Stolen Data

March 2nd, 2018 by admin

Over the last few years, there have been many major data breaches including Target, Sony, and most recently, Equifax. Even if we don’t hear about them, smaller scale hacks are happening all the time. It’s terrifying to imagine our data getting into the wrong hands, but exactly whose hands is it getting into? And how does it get there? Typically, stolen data ends up on the dark web. The dark web is internet content that exists on overlay networks called darknets. Although they work using the internet, they require specific authorization, configurations or software to access. On the dark web, IP addresses are encrypted so that everything is anonymous and untraceable. This makes it a hotbed for illegal activity.  Due to the encrypted nature of the dark web, it’s incredibly difficult to track exactly where data goes. Generally, it finds its way to an online marketplace to earn the hacker a quick buck. Darknet markets essentially operate as black markets, selling illegal goods such as drugs, weapons, forged documents, and you guessed it, stolen data. These markets work similarly to regular online commercial marketplace like Amazon or eBay; buyers and sellers can even give each other ratings. Transactions are made using bitcoin, or other currencies that cannot be tracked. Stolen data is one of the largest commodities traded on the dark web, and can be quite lucrative, depending on the information the hacker has. Credentials are typically sold in bulk with a constantly changing value. Banking credentials tend to be among the most expensive because they can be monetized directly through fraudulent transactions. The most common credentials up for sale are e-commerce and email credentials. Oftentimes, stolen emails are used to launch spam campaigns, and spread malicious files. Unfortunately, due to the fact that many people reuse their passwords, a single breach of an account can mean access to dozens of unrelated accounts. Data sold on the dark web ages quickly; the longer it’s out there and the more it’s been used, the less value it has. The more information about an individual that a data seller has, the better (for the seller, at least). For example, a random credit card number may sell for $5 to $8, but if the seller also has the card holder’s PIN number, date of birth, and address, the price gets much higher. As mysterious and menacing the dark web and its darknet marketplaces sound, there are simple things you can do to keep yourself safe. Set strong, unique passwords (click here for some tips on setting an unbreakable, yet memorable one), be aware of phishing scams (here’s how to spot one), and keep an eye on your bank account to catch any fraudulent transactions. To see if your data has been compromised in a data breach, enter your email address or username in Have I Been Pwned?. Stay safe out there!   Hannah Webb

Posted in: Protection, Security


Cal. Civ. Code § 1798.102 - Do Not Sell My Personal Information