Dark Web exposure risk

Topic

New Reply

I get alerts saying my email address and phone number are found on the Dark Web – what are the real risks ?  All I notice is that I get spam emails but I can deal with them, and I have complex password on all my accounts. I do occasionally get spam phone calls but I can filter them too and I’d really rather not change my phone number – that’ll just get stolen anyway. Is there any other more sinister risk I’m not aware of?

Reply | Quote

Replies

peterb: I am not a user of the Onion and the Tor browser and so have never accessed what I think you mean by the “Dark Web.”

But my take of what I have read others commenting here about it, is that is not only used by people that want to avoid tracking and to escape unwanted attention with an understandable and probably decent reason to do so; for example, because they are opponents of some nasty totalitarian government and want to communicate while trying to stay under that regime’s radar. But it is also used by crooks, terrorists and other undesirables, and once in the “Dark Web” one is sharing it with the latter, and that is not healthy. Going by past occurrences, if someone tried to post here a comment with a link to anything on the Dark Web, that comment, once the nature of the link is detected, would be removed lickety split by a moderator.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

peterb

Reply | Quote

Thanks Oscar, and I don’t use it either – however it seems my info has been posted there from dumps of hacked material, so my main point is – it’s there, so what? Is there some serious risk that I’m not aware of that I should worry about? I suspect not but just wondered if anyone else had special insight.

As an example, one monitoring service I tried for a while told me my phone number can be used to spoof a company into switching my account to someone else. I find that hard to believe but it does make me wonder. Maybe I do need another unlisted phone number…

1 user thanked author for this post.

OscarCP

Reply | Quote

peterb: Now that I think about it, once upon a time my personal data collected by the FBI to vet me when I applied for a new NASA badge was stolen from the government along with tens of thousands of those of other people working for the government.

Then the government offered all the people affected a free subscription to a monitoring service, which I accepted, and now and then, and only a few times so far, this service has been sending me information on things I might have to worry about. But not once those alarms have been about my personal information: all of them have been about convicted sex-offenders moving into the neighborhood. Not exactly great news, but I very much doubt that is something for me to worry about.

Your case is somewhat different, but I suspect that, as you have described it, is also something you do not need to take action about, so just ignoring it is probably OK.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP: As Susan mentioned the “Dark Web Monitoring” is a service offered by the credit monitoring people, and it sounds as though you’ve used one. You input whatever things you want them to scan for and if they get hits they alert you. Where they search they don’t tell you but they imply at least that these are sites that aren’t the well-known ones. Either way, it’s all well and good but I got to wondering what do I do if they find my stuff out there? I’ve fixed the passwords but there’s this unknown threat implied that I might face something more nasty, so I was trying to solicit ideas on what to do to protect myself.

Reply | Quote

peterb: The service I got, provided for free by the government, was not one that let me choose what it was going to keep watch on for me. I certainly am not interested on sex offenders’ movements. But I wonder what the type of services you subscribe to is called, as I am not sure what to search the Web for to find more information on my own.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP: there are loads – search the web for “Best Credit Monitoring Services for 2022” – Identity Guard is top-rated, the three credit bureaus also offer them and even my Norton 360 offers dark web monitoring. Definitely worth trying the free trials to see what you think. Caveat: I don’t think any of them free but IMO you get what you pay for and it all depends on how badly you feel you need the protection. Personally I think it’s worth it for me.

Reply | Quote

Oscar – IIRC an outfit called Wallet Hub offered identity and credit monitoring. I think Triple A (AAA, Automobile Association of America) offers something similar (perhaps only to members). Your credit card company might also offer a similar service. Since you’re employed by NASA, their human resources department might have some suggestions as might any professional organizations to which you might belong.

1 user thanked author for this post.

OscarCP

Reply | Quote

If people have your email and phone, they might also have your SSN, DOB, or answers to security questions if they were stored in the same databases.  If they have enough of these, they could file false tax returns or open lines of credit in your name, or could use your security questions to attempt to access your online bank accounts.

The only cautionary steps I would take are – 1. never click on any link in any email.  If something needs attention, type in the home page of the company you want to deal with.  2. check all finance accounts that have online access frequently.  3. there are 3 credit reporting agencies if you are a US resident.  you can check them for free each 12 months, but if you time it right you can check one in January, one in May, one in September, and then one next January.  -BB

3 users thanked author for this post.

Biiljoy, peterb, OscarCP

Reply | Quote

All good advice and I do take the precautions you mentioned very seriously – fortunately none of the more dangerous data is exposed, so far as I know but I do check.

Reply | Quote

In my not so humble opinion – “dark web monitoring” is advertising spin.  These services go through publicly available data dump sites like HaveIbeenpwnd.com, pastebin and other publicly known resources of exposure.  Your email and phone isn’t a worry (IMHO) rather hash values of passwords/reused passwords are the bigger concern.

Susan Bradley Patch Lady/Prudent patcher

6 users thanked author for this post.

Mr. Austin, AlphaCharlie, WSGeo, satrow, Myst, DrBonzo

Reply | Quote

peterb wrote:

I get alerts saying my email address and phone number are found on the Dark Web

Your details are probably found on the non-Dark Web as well.
Ignore that message because it’s only trying to get you to click.

cheers, Paul

1 user thanked author for this post.

peterb

Reply | Quote

There are sites that are specifically to dox people and then you can be attacked.  The Lapsus hacker was a 15 year old boy and was doxxed and they posted a video from in front of his mothers home at night and were threatening him (he’s an extortionist so they are upset with him haha).

https://en.wikipedia.org/wiki/Lapsus$

It’s not a place I would want any of my data to appear, but if it is there what can you do about it?  Nothing.  Check out the website haveibeenpwned

haveibeenpwned.com/

Most people are on a few lists or have been breached.

Reply | Quote

Two questions about this:

(1) How does one (i.e. peterb) know that an email comes from the “Dark Internet”? (Unless it says so in the email? Unlikely.)

(2) How do “those services” (as Susan has called them) manage to get pawned email addresses from databases such as those of HaveIbeenpwnd.com without knowing which addresses to look for, in the first place? Has HaveIbeenpwnd.com been broken into?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

You sign up for a credit monitoring/dark web monitoring service.  You provide your email.  These services then monitor these public databases.  You can input your email into any of these sites to check the status of your ‘pwned’ email/password.  These services just automate it so you don’t have to run to each of them.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan wrote: “You sign up for a credit monitoring/dark web monitoring service.  You provide your email.  These services then monitor these public databases.”

I did not know there were such services, and now that I do, am wondering if they may be useful enough to regular home and small business users to justify subscribing to one of them.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

Then the government offered all the people affected a free subscription to a monitoring service, which I accepted, and now and then, and only a few times so far, this service has been sending me information on things I might have to worry about.

This sure sounds like one of those monitoring services.

1 user thanked author for this post.

Paul T

Reply | Quote