The AchieVer Posted April 7, 2019

The dark web knows too much about me

We asked cybersecurity experts to scour the dark web for our personal information. What they found was disturbing.

What do Dunkin' Donuts, Fortnite, Sprint and the Dow Jones company all have in common? They've all suffered from massive hacks in 2019 alone. After every data breach, victim data often surfaces on the encrypted "hidden" internet known as the dark web, a network of sites that can only be accessed with special security software. Dark web markets operate like the ecommerce websites we shop on every day, but often trade in illicit goods like drugs, weapons and stolen data.

Because so many companies now capture and store personal information, hacking has become a profitable profession, said Terbium Labs vice president of research Emily Wilson. One hacker known as Gnosticplayers has allegedly leaked over 840 million user records. His most recent dump of 26.42 million records was listed for 1.2431 bitcoin, or about $4,940.

"The dark web has provided the raw materials that these fraudsters need to build out scalable criminal empires," said Wilson. "We're talking about identity theft of millions of people, including children."

Though the stakes are high for individuals, it's often challenging to understand how data breaches that result in the loss of millions of records can have a personal impact. So my colleague Graham Kates and I asked Wilson's firm to scour the dark web for our personal details. What they found was unsettling.

Detailed information about Graham was included in a WikiLeaks-related "fullz" dump, a data breach that can include financial information like Social Security numbers, credit card numbers, date of birth and mailing addresses. Fortunately, most of Graham's information was related to a prior address or no longer relevant. Still, his information, along with the details of several thousand additional users, was for sale at the cut-rate price of $69.

Our data was for sale on the dark web at very low cost.

My exposure was slightly greater. Terbium found my name, email address and other personal details that were associated with my current phone number on a fraud site called Black Stuff. By plugging some of the information into the dark web site Torch, I was able to uncover additional details, including older geographic coordinates. Fortunately my current location was not available, but old data is still valuable data, said Wilson, and criminals can use your old details to figure out your routines, where you work and maybe even your neighborhood.

"Once your data is in the mix, you're just another cog in the wheel," she explained. "You're just another resource. Data is often repackaged, resold, re-released, which means, if you're exposed once, it's going to be used hundreds, thousands, maybe even millions of times before it's all said and done."
straycat19 Posted April 7, 2019

People are constantly complaining about their information being on the web but don't take precautions to prevent it from being collected to begin with. That doesn't pass the common sense test. In reality it doesn't make any difference if your email address is exposed, as long as you use a strong password and change it at least every 90 days. So instead of checking for your email address, check for your password. Use a different password for every login. There are many programs that will allow you to store your passwords in an encrypted database and some are free. No one is expected to memorize ALL their passwords.

Don't want to be tracked where your phone goes, then buy a Faraday case to carry it in. These are not bulky and come in various sizes for phones, tablets, and laptops. You won't be able to receive calls or texts while it is in the pouch, but you won't be able to be tracked either. Just turning off location is not enough.

And last but not least, freeze your credit at the four credit reporting firms. No bank is going to give a loan, credit card, etc. without being able to check your credit and if you have your accounts frozen they can't do that. There used to be a small charge for doing this but the law was changed to make it free for everyone, so there is no reason not to do it. If you need to apply for a loan you can ask which credit bureau they will be checking and unfreeze that account, then freeze it again. This can be done online so it is not inconvenient. Same goes if you are job hunting, since most employers will do a credit check as part of the hiring process along with a background check.

And if you want a credit card, get one with one of the companies that offer one time use numbers. When you want to charge a purchase online you log into your credit card account and get a one time use number. As its name implies, that number is only good for one purchase, so if it is later part of a database hack it is no big deal since it will be useless. Also make sure the company has a notification process for charges. Mine notifies me instantly of any charges on my card and if it is something that is not part of my charge history they will send me an email and text concerning the transaction at which time I can Confirm or Deny the charge. Most crooks will attempt to verify if a card works by making a small charge to a charitable organization. One of the most popular was the American Red Cross, where they would make a $1 donation. If it went through then they knew they had a working card and would start making large purchases with it. If your company notifies/verifies purchases this will not work because you can stop it.

Being safe and secure requires a little work on your part, but it isn't impossible.
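Added example, not part of straycat19's post: one way to "check for your password" without handing the password to the service doing the checking. Only the first five hex characters of the password's SHA-1 hash leave the machine, the prefix-range scheme used by the Pwned Passwords API; the corpus, `range_lookup` and the sample passwords below are constructed local stand-ins.

```python
import hashlib
import hmac

# Constructed sample corpus (password -> times seen in dumps); not real breach data.
CONSTRUCTED_CORPUS = {"password": 9000000, "letmein": 120000, "Summer2019!": 42}

SEEN_BY_SERVICE = []  # everything the lookup service ever receives from the client


def sha1_hex(password: str) -> str:
    # SHA-1 is only a lookup key into the corpus here, never a storage format.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> str:
    """Hypothetical local stand-in for a range service: given the first 5 hex
    characters of a hash, return 'SUFFIX:COUNT' lines for every matching entry."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 uppercase hex characters")
    SEEN_BY_SERVICE.append(prefix)
    lines = []
    for leaked, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def times_exposed(password: str, lookup=range_lookup) -> int:
    """Return how often the password appears in the corpus (0 = not found).
    Only the 5-character prefix is sent; the suffix is compared locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "Summer2019!", "kV7#pl0-unique-per-site-Zq"):
        hits = times_exposed(pw)
        verdict = f"found {hits} times, replace it" if hits else "not in corpus"
        print(f"{pw!r}: {verdict}")
    print("service saw only:", SEEN_BY_SERVICE)
```

A result of 0 only means the password is absent from the corpus that was queried; it says nothing about its strength or about reuse across sites.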
halvgris Posted April 7, 2019

2 hours ago, straycat19 said: "People are constantly complaining about their information being on the web but don't take precautions to prevent it from being collected to begin with. That doesn't pass the common sense test. In reality it doesn't make any difference if your email address is exposed, as long as you use a strong password and change it at least every 90 days. So instead of checking for your email address, check for your password. Use a different password for every login. There are many programs that will allow you to store your passwords in an encrypted database and some are free. No one is expected to memorize ALL their passwords. Don't want to be tracked where your phone goes, then buy a Faraday case to carry it in. These are not bulky and come in various sizes for phones, tablets, and laptops. You won't be able to receive calls or texts while it is in the pouch, but you won't be able to be tracked either. Just turning off location is not enough. And last but not least, freeze your credit at the four credit reporting firms. No bank is going to give a loan, credit card, etc. without being able to check your credit and if you have your accounts frozen they can't do that. There used to be a small charge for doing this but the law was changed to make it free for everyone, so there is no reason not to do it. If you need to apply for a loan you can ask which credit bureau they will be checking and unfreeze that account, then freeze it again. This can be done online so it is not inconvenient. Same goes if you are job hunting, since most employers will do a credit check as part of the hiring process along with a background check. And if you want a credit card, get one with one of the companies that offer one time use numbers. When you want to charge a purchase online you log into your credit card account and get a one time use number. As its name implies, that number is only good for one purchase, so if it is later part of a database hack it is no big deal since it will be useless. Also make sure the company has a notification process for charges. Mine notifies me instantly of any charges on my card and if it is something that is not part of my charge history they will send me an email and text concerning the transaction at which time I can Confirm or Deny the charge. Most crooks will attempt to verify if a card works by making a small charge to a charitable organization. One of the most popular was the American Red Cross, where they would make a $1 donation. If it went through then they knew they had a working card and would start making large purchases with it. If your company notifies/verifies purchases this will not work because you can stop it. Being safe and secure requires a little work on your part, but it isn't impossible."

didn't read it all but a secure and long password changed doesn't do much protection at all these days when people choose to gain free wifi access without using proper protection. also new information is available that says 4g connections have lots of faults and weaknesses. your long secure password is no longer secure since it's in plain sight for any admin. always use a vpn on every login. i do however agree with using different password for each important site because the first thing they will do is take your login to other places and use same password. mind you it doesn't really matter for the adobe logins and low risk where you need to have an email to download as long as you didn't share any information about you.
straycat19 Posted April 7, 2019

14 minutes ago, halvgris said: "also new information is available that says 4g connections has lots of faults and weaknesses. your long secure password is no longer secure since it's in plain sight for any admin. always use a vpn on every login."

Yeah, researchers say 4G is not secure because they were able to break it in a Lab. Labs are not real world and it isn't as easy as they always make it sound. Lots of luck hacking 4G in the real world.

VPNs have nothing to do with long passwords, there is no correlation. Whether you access a site thru your actual IP or a VPN IP has nothing to do with the password you enter on the site. As I have mentioned many times before, VPNs aren't as secure as everyone thinks. It is easy to get an actual IP address from a VPN provider, even if it doesn't keep logs. Most reputable sites encrypt the password so it can't be seen by anyone. Notice I said reputable, which doesn't include the likes of Facebook, where passwords were kept in a plain text database available to any employee.
dMog Posted April 7, 2019

this is NOT a topic paranoids should read. Basic precaution should protect you, and that video of you having sex with a goat is not really out there for all to see. OR IS IT
tiliarou Posted April 7, 2019

Long password doesn't always protect you. If the authentication scheme is breached, the password length is irrelevant. Only in case of brute force does it have an impact. Nowadays, 2 factor authentication should be the norm, this is an additional layer but again it's not invincible... Getting notified of important events on any account or just based on location should be implemented everywhere, so in case of breach, even if it means your account is already compromised, at least you can act on it right away.
Ha91 Posted April 10, 2019

You guys mean 5g? @straycat19 @halvgris
mkc21 Posted April 10, 2019

I'll be dead soon who cares lol