Jump to content

The dark web knows too much about me


The AchieVer

Recommended Posts

The AchieVer
 
istock-935673948.jpg
 

The dark web knows too much about me

We asked cybersecurity experts to scour the dark web for our personal information. What they found was disturbing.

 

What do Dunkin' Donuts, Fortnite, Sprint and the Dow Jones company all have in common? They've all suffered from massive hacks in 2019 alone.

 

After every data breach, victim data often surfaces on the encrypted "hidden" internet known as the dark web, a network of sites that can only be accessed with special security software. Dark web markets operate like the ecommerce websites we shop on every day, but often trade in illicit goods like drugs, weapons and stolen data. 

Link to comment
Share on other sites


  • Replies 6
  • Views 735
  • Created
  • Last Reply

People are constantly complaining about their information being on the web but don't take precautions to prevent it from being collected to begin with.  That doesn't pass the common sense test.  In reality it doesn't make any difference if your email address is exposed, as long as you use a strong password and change it at least every 90 days.  So instead of checking for your email address, check for your password.  Use a different password for every login.  There are many programs that will allow you to store your passwords in an encrypted database and some are free.  No one is expected to memorize ALL their passwords,  Don't want to be tracked where your phone goes, then buy a Faraday case to carry it in.  These are not bulky and come in various sizes for phones, tablets, and laptops.  You won't be able to receive calls or texts while it is in the pouch, but you won't be able to be tracked either. Just turning off location is not enough.  And last but not least, freeze your credit at the four credit reporting firms.  No bank is going to give a loan, credit card, etc without being able to check your credit and if you have your accounts frozen they can't do that.  There use to be a small charge for doing this but the law was changed to make it free for everyone, so there is no reason not to do it.  If you need to apply for a loan you can ask which credit bureau they will be checking and unfreeze that account, then freeze it again.  This can be done online so it is not inconvenient.  Same goes if you are job hunting, since most employers will do a credit check as part of the hiring process along with a background check.  And if you want a credit card, get one with one of the companies that offer one time use numbers.  When you want to charge a purchase online you log into your credit card account and get a one time use number.  As its name implies, that number is only good for one purchase, so if it is later part of a database hack it is no big deal since it will be useless.  Also make sure the company has a notification process for charges.  Mine notifies me instantly of any charges on my card and if it is something that is not part of my charge history they will send me and email and text concerning the transaction at which time I can Confirm or Deny the charge.  Most crooks will attempt to verify if a card works by making a small charge to a charitable organization.  One of the most popular was the American Rec Cross, where they would make a $1 donattion.  If it went through then they knew they had a working card and would start making large purchases with it.  If your company notifies/verifies purchases this will not work because you can stop it.  Being safe and secure requires a little work on your part, but it isn't impossible. 

Link to comment
Share on other sites


2 hours ago, straycat19 said:

People are constantly complaining about their information being on the web but don't take precautions to prevent it from being collected to begin with.  That doesn't pass the common sense test.  In reality it doesn't make any difference if your email address is exposed, as long as you use a strong password and change it at least every 90 days.  So instead of checking for your email address, check for your password.  Use a different password for every login.  There are many programs that will allow you to store your passwords in an encrypted database and some are free.  No one is expected to memorize ALL their passwords,  Don't want to be tracked where your phone goes, then buy a Faraday case to carry it in.  These are not bulky and come in various sizes for phones, tablets, and laptops.  You won't be able to receive calls or texts while it is in the pouch, but you won't be able to be tracked either. Just turning off location is not enough.  And last but not least, freeze your credit at the four credit reporting firms.  No bank is going to give a loan, credit card, etc without being able to check your credit and if you have your accounts frozen they can't do that.  There use to be a small charge for doing this but the law was changed to make it free for everyone, so there is no reason not to do it.  If you need to apply for a loan you can ask which credit bureau they will be checking and unfreeze that account, then freeze it again.  This can be done online so it is not inconvenient.  Same goes if you are job hunting, since most employers will do a credit check as part of the hiring process along with a background check.  And if you want a credit card, get one with one of the companies that offer one time use numbers.  When you want to charge a purchase online you log into your credit card account and get a one time use number.  As its name implies, that number is only good for one purchase, so if it is later part of a database hack it is no big deal since it will be useless.  Also make sure the company has a notification process for charges.  Mine notifies me instantly of any charges on my card and if it is something that is not part of my charge history they will send me and email and text concerning the transaction at which time I can Confirm or Deny the charge.  Most crooks will attempt to verify if a card works by making a small charge to a charitable organization.  One of the most popular was the American Rec Cross, where they would make a $1 donattion.  If it went through then they knew they had a working card and would start making large purchases with it.  If your company notifies/verifies purchases this will not work because you can stop it.  Being safe and secure requires a little work on your part, but it isn't impossible. 

didn't read it all but a secure and long password changed doesn't do

much protection at all these days when people chose to gain free wifi

access without using proper protection.

 

also new information is available that says 4g connections has lots

of faults and weaknesses.

 

your long secure password is no longer secure since it's in plain sight

for any admin. always use a vpn on every login.

 

i do however agree with using different password for each important

site because the first thing they will do is take you login to other

places and use same password.

 

mind you it doesn't really matter for the adobe logins and low risk

where you need to have an email to download as long as you

didn't share any information about you.

 

Link to comment
Share on other sites


14 minutes ago, halvgris said:

also new information is available that says 4g connections has lots

of faults and weaknesses.

 

your long secure password is no longer secure since it's in plain sight

for any admin. always use a vpn on every login.

 

Yeah, researchers say 4G is not secure because they were able to break it in a Lab.  Labs are not real world and it isn't as easy as they always make it sound.  Lots of luck hacking 4G in the real world.

 

VPNs have nothing to do with long passwords, there is no correlation.  Whether you access a site thru your actual IP or a VPN IP has nothing to do with the password you enter on the site.  As I have mentioned many times before, VPNs aren't as secure as everyone thinks.  It is easy to get an actual IP address from a VPN provider, even if it doesn't keep logs.  Most reputable sites encrypt the password so it can't be seen by anyone.  Notice I said reputable, which doesn't include the likes of Facebook, where passwords were kept in a plain text database available to any employee.

 

 

Link to comment
Share on other sites


this is NOT a topic paranoids should read. 

Basic precaution should protect you, and that video of you having sex with a goat is not really out there for all to see. OR IS IT

Link to comment
Share on other sites


Long password doesn't always protect you.

If the authentication scheme is breached, whatever the password length is irrelevant. Only in case of bruteforce does it have an impact.

 

Nowadays, 2 factor authentication should be the norm, this is an additional layer but again it's not invincible... Getting notified of important events on any account or just based on location should be implemented everywhere, so in case of breach, even if it means your account is already compromised, at least you can act on it right away.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...