I dodged scam and spam emails in my inbox for years, but after generative AI’s rise created a new wave of sophisticated scams, I had to close the first Gmail account I ever created. My inbox had become a minefield of phishing links and malware-laden attachments. To make myself feel better, I decided to find out which company lost my email address first. While researching, I learned that there are many paths our personal information can take on the journey from your computer to the dark web.
How Your Data Reaches the Dark Web
To help map how our information reaches the dark web, I revisited my discussion with Dr. Darren Williams, a ransomware and cybersecurity expert at BlackFog. We spoke about ways to protect your private information after a data breach.
When I told him about my leaked email address, he told me, “Everybody on planet Earth has had their data leaked at this point.” With that in mind, here are some of the ways your data can end up on the dark web.
When Companies Sell Your Information
Companies often sell customer data during an acquisition or as part of a bankruptcy settlement. In these cases, your data gets packaged up and sold to another company, as seen in the 23andMe buyout by Regeneron Pharmaceuticals. If the new company gets hacked or otherwise fails to protect your information, that data could end up on the dark web.
“Everybody on planet Earth has had their data leaked at this point.”
Sometimes your information goes straight to a data broker after a company dissolves. Data brokers post your information online and sell off bits of it to anyone who can afford it. Unfortunately, your information isn’t even safe behind the brokers’ paywall, since those sites get hacked, too. We saw an example of this when hackers on a Russian cybercrime forum posted screenshots of user data from Gravy Analytics, a location data firm.
How Stolen Data Gets Resold Online
A company may have lost your information due to a data breach or another security incident. Those criminals usually don’t use all of the customer data they steal. Instead, they’ll sell it on dark web forums and websites for other criminals and scammers (or anyone else) to buy.
One Click Can Expose Everything
Did you click on a phishing link in an email or text message? I’ve spoken with experts who say that phishing scams tend to ramp up during the holiday season or around major events, such as tax filing deadlines. Scammers will send spear phishing emails or text messages containing links to websites that collect all of your data, including financial information, and then they’ll post it on the dark web.
The Hidden Cost of Free Quizzes
When’s the last time you entered your birthdate on a website to read your horoscope? Have you ever taken a quiz or survey on Facebook or another social platform? When you entered that personal information, you sent it to a database that could be attacked or sold. If either of those things happened, that data is on the dark web now.
4 easy things you can do to be more secure online — Clarification Please
Sometimes the Intruder Is Already Inside
Maybe you’ve picked up some malware or spyware on one of your devices. Malicious apps or browser extensions can steal the data right off of your computer or mobile device, and you may not know about it until much later. Williams cited the 2024 cyberattack on Change Healthcare as an example of this method.
“They were latent for nine days inside the company’s computers, behind the firewalls, just doing reconnaissance work,” said Williams.
“You only need to have one weak link, and you can get in.”
How I Found the Breach That Exposed My Email
My old email address’s path to the dark web will be familiar to my fellow millennials. At some point in the mid-aughts, I signed up for Tumblr, a microblogging site, and then forgot about the account after a few months. When that website’s servers were breached 13 years ago, my email address, along with 65 million others, was stolen.
Finding this information was incredibly easy: I used a data breach report scanner. I chose Bitwarden‘s scanner because it provides detailed reports showing all records exposed in a breach, such as your birthdate, photos, phone number, physical address, and other sensitive personal information.
Most of the password managers I’ve tested include some form of dark web monitoring or scanning in the password health section of the app. Password manager dark web scanners can check for mentions of anything in your password manager vault, including email addresses, usernames, or the passwords themselves.
A data breach report from Bitwarden. (Credit: Bitwarden/PCMag)
Many financial companies, like Experian, offer free dark web scanning tools. You can also set up dark web monitoring for your Google accounts. You enter a bit of info about yourself, usually your email address, and the tool scans known data breach lists posted to the dark web for that information.
Recommended by Our Editors
Only use dark web scanners from companies you recognize and trust. I say this because it’d be incredibly easy for anyone to set up a web form that can steal your social security number, banking details, address, and other private information under the guise of scanning data breach reports.
Can You Remove Your Data From the Dark Web?
Unfortunately, it’s incredibly hard to take your data off the dark web. Even dark web forum closures or site bans won’t save you, because the breach list data is probably saved elsewhere. Removing your data from the public web is tough, too. Consider signing up for a personal data removal service to help remove some of your personal information from data broker sites.
“I’d always advise people to be very careful what you put out there,” Williams told me. “If you’ve posted anything online, it’s already out there. You can’t put the genie back in the bottle.”
In other words, don’t give data brokers or criminals anything to collect in the first place. Maybe that means making your profile private or not using social media platforms at all. You can also start entering as little information as possible when signing up for online services or shopping. Does the hardware store really need your full name and birthdate because you’re buying a rake? Probably not; don’t give that away (or better yet, lie about it).
“If you’ve posted anything online, it’s already out there. You can’t put the genie back in the bottle.”
Consider poisoning your online data well, too. That means filling online forms with fake information (get creative with your pseudonyms), so when that information is lost in a data breach or sold during a corporate acquisition, you won’t care, because it’s not your real information anyway.
With help from Williams, I’ve written a detailed guide to recover your privacy after a data breach. After giving that a read, check out our cybersecurity checklist for a list of periodic tasks to help you clean up your online presence and shore up your digital defenses.
About Our Expert
Kim Key
Senior Writer, Security
Experience
I review privacy tools like hardware security keys, password managers, private messaging apps, and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.
In addition to the categories below, I exclusively cover ad blockers, authenticator apps, hardware security keys, and private messaging apps.
I dodged scam and spam emails in my inbox for years, but after generative AI’s rise created a new wave of sophisticated scams, I had to close the first Gmail account I ever created. My inbox had become a minefield of phishing links and malware-laden attachments. To make myself feel better, I decided to find out which company lost my email address first. While researching, I learned that there are many paths our personal information can take on the journey from your computer to the dark web.
How Your Data Reaches the Dark Web
To help map how our information reaches the dark web, I revisited my discussion with Dr. Darren Williams, a ransomware and cybersecurity expert at BlackFog. We spoke about ways to protect your private information after a data breach.
When I told him about my leaked email address, he told me, “Everybody on planet Earth has had their data leaked at this point.” With that in mind, here are some of the ways your data can end up on the dark web.
When Companies Sell Your Information
Companies often sell customer data during an acquisition or as part of a bankruptcy settlement. In these cases, your data gets packaged up and sold to another company, as seen in the 23andMe buyout by Regeneron Pharmaceuticals. If the new company gets hacked or otherwise fails to protect your information, that data could end up on the dark web.
“Everybody on planet Earth has had their data leaked at this point.”
Sometimes your information goes straight to a data broker after a company dissolves. Data brokers post your information online and sell off bits of it to anyone who can afford it. Unfortunately, your information isn’t even safe behind the brokers’ paywall, since those sites get hacked, too. We saw an example of this when hackers on a Russian cybercrime forum posted screenshots of user data from Gravy Analytics, a location data firm.
How Stolen Data Gets Resold Online
A company may have lost your information due to a data breach or another security incident. Those criminals usually don’t use all of the customer data they steal. Instead, they’ll sell it on dark web forums and websites for other criminals and scammers (or anyone else) to buy.
One Click Can Expose Everything
Did you click on a phishing link in an email or text message? I’ve spoken with experts who say that phishing scams tend to ramp up during the holiday season or around major events, such as tax filing deadlines. Scammers will send spear phishing emails or text messages containing links to websites that collect all of your data, including financial information, and then they’ll post it on the dark web.
The Hidden Cost of Free Quizzes
When’s the last time you entered your birthdate on a website to read your horoscope? Have you ever taken a quiz or survey on Facebook or another social platform? When you entered that personal information, you sent it to a database that could be attacked or sold. If either of those things happened, that data is on the dark web now.
4 easy things you can do to be more secure online — Clarification Please
Sometimes the Intruder Is Already Inside
Maybe you’ve picked up some malware or spyware on one of your devices. Malicious apps or browser extensions can steal the data right off of your computer or mobile device, and you may not know about it until much later. Williams cited the 2024 cyberattack on Change Healthcare as an example of this method.
“They were latent for nine days inside the company’s computers, behind the firewalls, just doing reconnaissance work,” said Williams.
“You only need to have one weak link, and you can get in.”
How I Found the Breach That Exposed My Email
My old email address’s path to the dark web will be familiar to my fellow millennials. At some point in the mid-aughts, I signed up for Tumblr, a microblogging site, and then forgot about the account after a few months. When that website’s servers were breached 13 years ago, my email address, along with 65 million others, was stolen.
Finding this information was incredibly easy: I used a data breach report scanner. I chose Bitwarden‘s scanner because it provides detailed reports showing all records exposed in a breach, such as your birthdate, photos, phone number, physical address, and other sensitive personal information.
Most of the password managers I’ve tested include some form of dark web monitoring or scanning in the password health section of the app. Password manager dark web scanners can check for mentions of anything in your password manager vault, including email addresses, usernames, or the passwords themselves.
A data breach report from Bitwarden. (Credit: Bitwarden/PCMag)
Many financial companies, like Experian, offer free dark web scanning tools. You can also set up dark web monitoring for your Google accounts. You enter a bit of info about yourself, usually your email address, and the tool scans known data breach lists posted to the dark web for that information.
Recommended by Our Editors
Only use dark web scanners from companies you recognize and trust. I say this because it’d be incredibly easy for anyone to set up a web form that can steal your social security number, banking details, address, and other private information under the guise of scanning data breach reports.
Can You Remove Your Data From the Dark Web?
Unfortunately, it’s incredibly hard to take your data off the dark web. Even dark web forum closures or site bans won’t save you, because the breach list data is probably saved elsewhere. Removing your data from the public web is tough, too. Consider signing up for a personal data removal service to help remove some of your personal information from data broker sites.
“I’d always advise people to be very careful what you put out there,” Williams told me. “If you’ve posted anything online, it’s already out there. You can’t put the genie back in the bottle.”
In other words, don’t give data brokers or criminals anything to collect in the first place. Maybe that means making your profile private or not using social media platforms at all. You can also start entering as little information as possible when signing up for online services or shopping. Does the hardware store really need your full name and birthdate because you’re buying a rake? Probably not; don’t give that away (or better yet, lie about it).
“If you’ve posted anything online, it’s already out there. You can’t put the genie back in the bottle.”
Consider poisoning your online data well, too. That means filling online forms with fake information (get creative with your pseudonyms), so when that information is lost in a data breach or sold during a corporate acquisition, you won’t care, because it’s not your real information anyway.
With help from Williams, I’ve written a detailed guide to recover your privacy after a data breach. After giving that a read, check out our cybersecurity checklist for a list of periodic tasks to help you clean up your online presence and shore up your digital defenses.
About Our Expert
Kim Key
Senior Writer, Security
Experience
I review privacy tools like hardware security keys, password managers, private messaging apps, and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.
In addition to the categories below, I exclusively cover ad blockers, authenticator apps, hardware security keys, and private messaging apps.
Click Here For The Original Source.
