Major data breaches at banks and sites like Yahoo – where about 3 billion accounts were compromised – mean that your personal data can travel to the dark web, networks of encrypted, often shadowy, websites that are not indexed by common search engines. In fact, the dark web is so different that you typically need special software to use it.
When massive data breaches happen at organizations where you have an account, it is safe to assume that your personal data has made it to the dark web. That could mean, for instance, your user name and password at a bank or credit card institution have been compromised.
“Once the criminals have it, the bits that describe it are indelibly written," Roger Kay, president of Endpoint Technologies Associates, told Fox News. "Its virtual life is infinity. The criminals hope to sell it and there are buyers who have various interests.”
Sherban Naum, senior vice president, Corporate Strategy and Technology, at Bromium, a cybersecurity firm, told Fox News everyone should expect to have their data stolen "at some point."
Here are some options and the best way to respond if your personal data has been hacked.
How to check if your data is compromised
The site “Have I been pwned” (an Internet slang term used to describe defeat) provides a comprehensive list of major data breaches.
It allows you to check, for free, if your email address has been hacked. A check of an email address could show multiple breaches at sites like Adobe, bitly, Equifax and LinkedIn, where hacks were widely reported in the past.
“The most significant difference is that ‘Have I been pwned’ is not trying to sell you anything” and doesn’t come with all the strings attached to other "free" dark web scans, James Lerud, of cyber-security firm Verodin told Fox News.
There are other services that allow you to check if your personal data has been compromised. Experian also offers a free service, though it’s not as straightforward as “Have I been pwned.”
Good password strategy
“A different password for each account is ideal,” Verodin's Lerud said. “But it just isn't practical without using a password manager such as KeePass, LastPass, Dashlane. Enabling two-factor authentication for your critical accounts is also a good idea.”
Lerud said Google provides two-step verification, which can be accessed here. It also offers a free security checkup.
Can you recover your data?
In a word, no.
Once the criminals get your personal data, it’s immediately copied multiple times, so don’t expect to get your compromised data back and out of the criminals' hands.
“Digital data is copied, moved, altered, downloaded and uploaded at Internet-speed," Brian Contos, chief information security officer, Verodin, told Fox News. "With billions of connected devices and trillions of gigabytes of digital data, full discovery of where your data is and attempted recovery [or] destruction isn’t a tenable option.”
Again, the best protection for an individual is good password etiquette. This includes changing your password often and making sure you have different passwords, which cannot be easily guessed and are reasonably long, for each account.
Is law enforcement active on the dark web?
Dark web forums are monitored by the FBI, intelligence agencies, banks and a variety of consultants and specialists that work for corporations.
“Many Dark Web forums are monitored by law enforcement agencies and private organizations. However, there are many forums. And existing forums frequently move,” said Verodin’s Contos.
“Some of these forums are even offline, leveraging ‘old school’ dial-up bulletin board systems (BBS) as opposed to being directly connected to the Internet. So, the probability of a percentage of these forums not being monitored is very high,” he added.
Check sites regularly like "Have I been pwned" to see if your personal data has been compromised.
Additionally, you should make sure you have different passwords for each account and change them regularly.