In a significant move to help users safeguard their personal information, Google has announced that it will begin offering free dark web monitoring reports to all its users later this month. This service, previously exclusive to Google One subscribers and limited Gmail users, will now be accessible to users in at least 46 countries and territories, including Canada.
While cybersecurity experts praise this as a positive step, they caution that the threat of privacy breaches continues to grow, and much more needs to be done to protect personal data.
How Cybercriminals Can Buy Your Hacked Data on the Dark Web
The dark web, often described as the “criminal underbelly of the internet,” is where cybercriminals can buy and sell stolen data, including passwords, credit card numbers, and other sensitive information.
Ann Cavoukian, Ontario’s former privacy commissioner, highlights the dangers of data falling into the wrong hands. “Once it’s in the wrong hands, it can come back to haunt you,” she says. The dark web is not easily accessible to everyone; it requires special software like the Tor browser, which ironically also protects internet privacy.
Cybercriminals operate sophisticated networks on the dark web, exploiting data breaches to sell information to the highest bidder. This information can include usernames, passwords, social security numbers, and even medical records. Once your data is out there, it can be used for various malicious purposes, from identity theft to financial fraud. The anonymity of the dark web makes it a haven for these activities, where transactions are conducted using cryptocurrencies to avoid detection.
What is the Dark Web?
The dark web is a part of the internet that isn’t indexed by traditional search engines and requires specific software to access. It is a marketplace for illicit goods and services, including stolen data, drugs, and weapons.
Terry Cutler, an ethical hacker, explains that while the dark web is used for various criminal activities, its primary allure for hackers is the trade of stolen data. This hidden part of the internet thrives on anonymity, making it a haven for cybercriminals.
The dark web is often misunderstood. This network can only be accessed using specialized tools like the Tor browser, which masks the user’s IP address and location. This anonymity is what attracts cybercriminals, allowing them to operate with impunity. Despite its sinister reputation, the dark web is also used for legitimate purposes, such as by journalists and activists in oppressive regimes. However, its association with illegal activities overshadows these uses.
How Often Does Stolen Data Show Up on the Dark Web?
Hackers often infiltrate servers and operate undetected for extended periods, slowly siphoning off millions of email addresses, passwords, and other data. This year alone, several significant cybersecurity incidents have resulted in stolen personal information appearing on the dark web.
For instance, Ticketmaster recently notified Canadian customers of a breach where personal and credit card information might have been stolen. Similarly, London Drugs faced a ransomware attack, leading to the release of employee data on the dark web.
These incidents highlight the frequency with which stolen data appears on the dark web. Hackers can spend months inside a company’s servers, extracting data without detection. Once they have amassed enough information, they sell it on the dark web.
This data is then bought by other criminals who use it for various purposes, from opening fraudulent accounts to launching targeted phishing attacks. The cycle of data theft and resale is relentless, with new breaches occurring regularly.
Ticketmaster Encourages Customers to Take Action After Another Security Breach
Ticketmaster’s recent breach highlights the frequency and impact of these incidents. The company informed its customers that their personal and credit card information might have been compromised and offered one year of credit monitoring services.
A hacker group claimed to have stolen and leaked information from over 500 million Ticketmaster accounts globally, underscoring the scale and severity of such breaches.
Ticketmaster’s response to the breach underscores the need for vigilance. The company is urging customers to monitor their credit reports and change their passwords. They are also offering a year of free credit monitoring, which can help detect fraudulent activity early.
However, these measures are reactive rather than proactive. The breach has already occurred, and the stolen data is likely already on the dark web. Customers must remain vigilant and take additional steps to protect their personal information.
Cybersecurity Expert Discusses Implications of London Drugs Ransomware Attack
Terry Cutler notes that many individuals use weak passwords or the same password across multiple accounts, making it easier for hackers to access various platforms.
The London Drugs ransomware attack is a prime example, where hackers demanded a $25-million ransom after stealing and releasing employee data. Such incidents emphasize the need for stronger cybersecurity measures and the importance of regularly updating passwords.
The London Drugs attack illustrates the broader implications of ransomware. When a company is hit, it’s not just its data that’s at risk. The personal information of employees and customers can be exposed, leading to further attacks.
Cutler stresses the importance of using strong, unique passwords for each account. He also recommends enabling two-factor authentication, which provides an additional layer of security. While these measures can’t prevent all attacks, they can make it more difficult for hackers to succeed.
How Does Dark Web Monitoring Work?
Dark web monitoring involves scanning databases on the dark web for exposed personal information. Cutler’s company, Cyology Labs, demonstrated this by scanning for leaked passwords associated with the email suffix @cbc.ca.
The scan revealed over 1,000 exposed passwords linked to current and former CBC employees. Google’s dark web monitoring will allow users to check if their personal information, such as Gmail addresses, names, mailing addresses, phone numbers, or usernames, has appeared in a data breach.
Dark web monitoring tools scan known dark web forums and marketplaces for stolen data. When a match is found, the user is notified, and steps can be taken to secure the compromised accounts.
Google’s service will provide users with alerts if their data is found on the dark web, along with recommendations for improving their security. This could include changing passwords, enabling two-factor authentication, or even contacting affected institutions to alert them of potential fraud.
What More Can Be Done?
Despite Google’s efforts, cybersecurity experts like Cutler argue that individuals must take proactive steps to protect their data. This includes creating strong, unique passwords and regularly updating them. However, Cavoukian stresses that the responsibility should not rest solely on users.
Companies must also take greater accountability for the personal data they handle. “To expect the average user to know what happens to their personal information once they’re online is asking too much,” she says.
Preventing data breaches requires a multi-faceted approach. Users must be educated about the importance of cybersecurity and provided with tools to protect their information.
Companies must invest in robust security measures, including regular security audits, employee training, and advanced encryption technologies. Governments also have a role to play, by enforcing data protection regulations and holding companies accountable for breaches.
Former Privacy Commissioner on Why Companies Need to Do More to Protect Our Info
Cavoukian hopes that other major companies will follow Google’s lead and offer free dark web monitoring services to their users. She encourages individuals who have had their data exposed to contact the breached company for support services and consider filing complaints with privacy commissioners.
Raising awareness about potential fraud and unauthorized use of personal information is crucial in the fight for privacy protection.
Cavoukian emphasizes that protecting personal information is a collective responsibility. While users must take steps to secure their data, companies and governments must also play their part. She advocates for stronger privacy laws and stricter enforcement of existing regulations.
By working together, we can create a safer online environment where personal information is better protected from cybercriminals.