Thank you for your interest in our DarkWebID service.
Frequently Asked Questions
The Dark Web is a hidden universe contained within the “Deep Web”- a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
While we can’t say definitively that the data we’ve discovered has already been used to exploit your organization, the fact that we are able to identify this data should be very concerning. Organizations should consult their internal or external IT and/ or security teams to determine if they have suffered a cyber incident or data breach.
- Dark Web Chatroom: compromised data discovered in a hidden IRC.
- Hacking Site: compromised data exposed on a hacked Website or data dump site.
- Hidden Theft Forum: compromised data published within a hacking forum or community.
- P2P File Leak: compromised data leaked from a Peer-to-Peer file sharing program or network.
- Social Media Post: compromised data posted on a social media platform.
- C2 Server/Malware: compromised data harvested through botnets or on a command and control (C2) server.
- Tested: the compromised data was tested to determine if it is live/active.
- Sample: the compromised data was posted to prove its validity.
- Keylogged or Phished: the compromised data was entered into a fictitious website or extracted through software designed to steal PII.
- 3rd Party Breach: the compromised data was exposed as part of a company’s internal data breach or on a 3rd party Website.
- Accidental Exposure: the compromised data was accidentally shared on a Web, social media, or Peer-to-Peer site.
- Malicious / Doxed: the compromised data was intentionally broadcast to expose PII.
While employees may have moved on from your organization, their company issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploit.
Fake email accounts are routinely created by employees as a “throw away” when wanting to gain access to a system or piece of data. However, fake email accounts are frequently created to facilitate well-crafted social engineering and/or phishing attacks. Often, the identification of fake email accounts indicates that an organization has been targeted by individuals or groups in the past.
Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys! 1, and so on.) Knowing this, hackers will run scripts using metasploit frameworks (hacking and pentesting tools) to “brute force” their way into an unsuspecting system.
We allow for up to 5 personal email addresses per organization to be tracked, in addition to all emails on the company domain.
Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cyber criminals, within a short period of time. It is generally implausible to remove data that has been disseminated within the Dark Web. Individuals whose PII has been discovered on the Dark Web are encouraged to enroll in an identity and credit monitoring service immediately.