In the spirit of the Halloween season, we thought we’d address a scary topic: the dark web. In case you missed our post about it, the dark web is a part of the internet that can only be accessed through an anonymized browser called Tor. By nature, the dark web is untraceable, so it encourages illegal activity like the sale of stolen personal information and passwords.
The scary truth about the dark web
You may have noticed the slew of recent news surrounding hacks of major companies, including Facebook, Equifax, Twitter, and Reddit. Hacks expose troves of user data, and frequently include passwords. Hackers can take those stolen passwords and sell them on the dark web for profit. Your passwords can be sold on the dark web even if you’ve never been there and without you ever knowing.
What happens when your passwords get caught in the web
The sale of stolen passwords to popular paid subscription services has become commonplace on the dark web. Earlier this year, Netflix accounts were found being sold on the dark web for as low as $0.50. HBO GO, and HBO NOW accounts were being sold for about $10, and Spotify accounts for $1.95. Sellers also promised buyers lifetime access, so if you’re paying a premium for those services, you could be subsidizing somebody else’s viewership unknowingly.
In 2017, unsuspecting victims logged in to their Uber accounts to find that they were charged for rides they never took. “I opened my Uber app from my apartment in Brooklyn, but the blinking GPS dot said I was in Sydney Australia—and that a driver who I hadn’t requested was on his way to pick me up!” said Kim, a New York City native who had her account hacked in 2017. “It took me months of emails and several angry tweets to get my account back in my control.” Sure enough, Uber accounts were being sold on the dark web for as low as $0.40.
Because most people reuse passwords or similar passwords across accounts, subscription services are just the tip of the iceberg. Criminals on the dark web can exploit bad password habits to gain stealth access to numerous critical accounts and profit off your personal information. And they don’t discriminate. Even if you haven’t reused passwords in a long time, it doesn’t mean your old, unused, and forgotten accounts won’t come back to haunt you—active passwords can become available on the dark web years after they’ve been stolen.
Three ways to untangle your passwords from the dark web
- Use a different password for every account. That way, if criminals get the password to your Netflix account, they can’t also get into your bank account or email.
- Update compromised or weak passwords. This is especially important if your account becomes compromised in a hack or breach, because changing your password prevents criminals from accessing that account.
- Run a dark web scan. Tools are available online—like Dashlane’s Dark Web Monitoring—that can help you discover and protect stolen information.
Dashlane has features that make all three of those things extremely easy to do. You can use Dashlane’s Password Generator to ensure unique, complex passwords for every account. Dashlane notifies you any time a password becomes compromised in a hack or breach, so you can change it quickly. You can also use the Password Health screen to ensure your accounts are protected with strong passwords.
If you have Dashlane Premium, you can run a dark web scan by following these simple instructions. You can scan and monitor up to five email addresses to find out if any of your personal information—not only passwords, but addresses, phone numbers, or credit cards— has been stolen in a hack or breach; each scan will sort through more than 12 billion records related to hacks and data breaches, with almost a million new records added each day. On top of that, you’ll receive an alert any time in the future if information associated with your email address shows up on the dark web. That way, you’ll always be on top of securing compromised accounts and can regain control of your information.