We may be online more than ever for both work and entertainment, but few of us stop to think about what that activity means for our personal information. We trust that the websites and companies we do business with are safeguarding our data and that the devices we use are secure.
Far more often than we'd like, though, cybercriminals steal personal information or trick us into giving it away. Why? Often, they want to sell or trade our data on the dark web. You may think you don't have anything "worth stealing," but everyone has something from which cybercriminals can profit.
So let's talk about the dark web, why your information may be at risk, how to use LastPass for dark web monitoring, and what you can (realistically) do to keep your information safe.
What is the dark web?
The internet that you're familiar with is the searchable web. It contains all of the content indexed by search engines like Google. In contrast, the deep web is all of the content that is "hidden" from the public and requires more skill to find. No simple Google search will pull up the deep web; you'll need special software and search engines to find and use it. The dark web is a subset of the deep web. Within the hidden internet, the dark web is where cybercriminals carry out their illicit and illegal activities. (Journalists and dissidents also use the dark web, where they can exchange information privately and anonymously.) Of course, most of us won't ever use the dark web. The most important thing to understand is that hackers head to the dark web to profit from the data they've stolen (from ordinary people and businesses alike) — so you want to keep your data out of the hands of hackers and off of the dark web. And if your information does end up on the dark web, you want to mitigate and minimize any potential damage it may cause.What you'll find on the dark web
Given that the dark web is the "black market" of the internet, you'll find all sorts of information for sale there. Social security numbers, credit cards, usernames and passwords, bank account logins, medical records — to name a few. Any data that hackers could profit from is sold individually or in bulk on the dark web. Credit cards go for $10 to $20 on average, while PayPal accounts sell for $2 to $10. According to PrivacyAffairs, a US driver's license averages $70, a hacked Facebook account averages $75, and a passport goes for about $1500. Medical records average $250 each, according to cybersecurity firm Trustwave. In other words, the data we use every day online can be pretty profitable for cybercriminals. When we're not careful who we share that information with — or when websites experience data breaches — our personal information can end up for sale on the dark web.How to use LastPass for dark web monitoring
Unfortunately, most of us don't have the skills (or the time) to go digging around the dark web to check if our personal information or accounts are for sale. And thankfully, you don't need to with LastPass's dark web monitoring. LastPass users can turn on dark web monitoring with just a few quick clicks. First, you tell LastPass which email address(es) you use for your online accounts. LastPass then continuously monitors a database of breached credentials, looking for your email address(es). This database is routinely updated when hackers post leaked usernames and passwords on the dark web. When LastPass detects a match in the database for your email address(es), you're immediately alerted via email. That way, you can stay informed of any credentials that may be in jeopardy and take quick action to keep hackers out of your accountsMy information is on the dark web. Now what?
You should check any dark web alerts quickly. Based on the information in the alert, you may need to change the account password, change the email address used for an account, turn on two-factor authentication, or even initiate a temporary credit freeze. Acting swiftly to lock down an account will minimize the damage of any information leaked to the dark web. It will also reduce the likelihood that you'll be hacked or have your identity stolen. Though you can't remove the information once it's on the dark web, you can stay ahead of cybercriminals who want to use it.Keeping your information off the dark web
First, you should assume some of your personal information is already out there on the dark web. With so many large-scale breaches in the past 10+ years, attackers and hackers have amassed massive databases. We all should be operating as if some of our data is in these databases. Second, taking basic cybersecurity precautions will help protect you online, even if some of your information is already leaked. Those basic precautions include:- Generating a unique password for every online account.
- Using a password manager for easy access to and secure storage of account logins.
- Prompting for multi-factor authentication on logins whenever possible, especially for email, social media, banking, medical records and work accounts.
- Monitoring for leaked credentials on the dark web.
- Updating apps and device operating systems regularly.
- Avoiding suspicious links and documents and reporting unusual activity to service providers or IT personnel.
