Dark web monitoring

The dark web is the part of the internet that isn’t visible to search engines. It’s not accessible by web browsers like Chrome, Safari or Internet Explorer that everyday people use. It requires a special browser called Tor to access it, and it allows visitors to remain anonymous.

Any time you create an online account and secure it with a weak password, you leave yourself open to vulnerabilities. A trained hacker can access your sensitive information by launching a cyber-attack, phishing scam, or by simply brute forcing their way past your weak password.

Think about the websites or companies that store your personal information like:

• Banks
• Social media
• Shopping websites
• Medical accounts
• Blogs
• Forums, chat rooms, and webinars
• Peer to peer networks
• Email accounts

If these accounts are secured by just a weak or reused password, there’s a possibility they’ve been hacked without you knowing it. A hacker could have access to your valuable data and potentially steal your identity to sell it on the dark web. 

Any information you store online could potentially be stolen. LastPass dark web monitoring checks your email addresses against a database of breached credentials to see if they have been involved in any breaches. If the dark web scan shows that an account has been compromised, you are sent an alert that tells you what account needs attention. You should immediately change your password for the account to help prevent any data theft. The information that hackers find valuable are items like:

• Credit card numbers
• Phone numbers
• Addresses
• Social security numbers
• Bank account numbers

View “Mystery of dark web” infographic to see how much your data is worth on the dark web.

The deep web is anything on the internet that isn't indexed by a search engine like Google. For example, content behind a paywall like membership sites or anything the content owner chooses to block from being indexed. This content can still be accessed by a standard browser.

The dark web is purposefully hidden and requires a Tor browser to access. Estimates say it is about 5% of the total internet.

The dark web itself is not illegal, but illegal activity takes place on the dark web. Because visitors can remain anonymous, it is useful for cybercriminals who want to take part in illegal activities. For example, a cybercriminal may hack into a website and steal user data (like a credit card number or social security number) and sell it on the dark web. 

Simply being on the dark web is not inherently dangerous; however, the average person doesn’t have a need to be on it. There are some use cases for the dark web that aren’t criminal. For example, in some countries with strict governments that prevent access to information online, citizens use the dark web to seek information and share their views freely.

The real risk is that your personal information may end up on the dark web. If you protect your data online, you will not need to worry about the dark web.

Cybercriminals hacking into company databases and stealing user data is very common. You have probably heard of these data breaches in the news. But did you know it doesn’t just happen to enterprise businesses? 

Cybercrime happens to regular people everyday, no matter how valuable the information may be. You may think your sensitive information isn’t worth much, but it’s still valuable to some bad actor.  

While each piece of data (like a credit card number) might only be worth a few dollars when they resell it, this adds up when they’ve stolen thousands or hundreds of thousands of pieces of sensitive information. To see the full breakdown of how much your data is worth check out “Mystery of dark web” infographic.

• Hackers have numerous ways to target people, like phishing emails, misspelled web addresses loaded with malware, as well as weak and reused passwords
• Personally identifiable information is valuable to hackers, which is why hackers target social media, banking logins, and any services recently hit by data leaks
• They often target valuable information, like credit card numbers, social security numbers, and company’s intellectual property

There are many steps you can take to protect yourself, and a few of these can easily and cheaply be put in place right away.

1. Create unique and strong passwords for every online account: This is essential because it makes it harder for hackers to get into your accounts, but it also means if they crack one they don’t have access to any others. You can use a password generator to create these unique, strong passwords.
2. Use a password manager: If you have unique passwords for every account, you won’t be able to memorize them all. You need a password manager to securely store and fill them for you.
3. Turn on multi-factor authentication (MFA) for any sites that offer it. Multi-factor authentication requires you to provide an additional form of authentication on top of your password when logging into your account. Many accounts – like email and social media – offer MFA to help prevent cyber criminals from gaining access.
4. Use a dark web monitoring service: Dark web monitoring checks your information against a database of breached credentials and will alert you if your information has been compromised. This way you can change the passwords for those breached accounts.

LastPass dark web monitoring proactively checks your email addresses against our partner Enzoic’s database of breached credentials. You will be alerted with an email and an in-product message if your email address has been compromised and which account is at risk.

Read more about dark web monitoring and our partnership with Enzoic in our Support Center.

You may hear the term “dark web scan” and wonder how it’s possible for a solution to scan the entire dark web – especially if it’s so hard to access and it’s anonymous. When you hear the term dark web scan, what’s really happening is your credentials (like email addresses) are being checked against a database of credentials from known breaches. At LastPass, this service is provided by our partner Enzoic and in keeping with our zero knowledge model.

If you use dark web monitoring with LastPass, you will receive an email and in-product alert as soon as your email address has been found as a part of a breach. Here are some typical signs that someone is abusing your email account:

• Strange emails in your sent folder.
• Unexpected password reset emails.
• Complaints from your contacts.
• Unusual IP addresses, devices, and/or browsers detected.

Read more about how to tell if your email was been hacked

You should immediately change the password for the compromised account. Read our blog post to see what you can expect.

More details can be found on how to manage dark web alerts in our Support Center.

Dark web monitoring is a great tool to have in your cybersecurity arsenal. However, there are additional steps you can take to protect your personal information from cybercriminals and identity thieves.

Re-using passwords is a very common habit that puts you at risk. If a hacker can figure out the one password, they can access all other accounts that use that password. If you use your password for social media and online banking, and you click a spammy link on a social media site, your banking information could be vulnerable if your password is hacked.

WiFi networks can easily be hacked, so leveraging a virtual private network (VPN) will ensure that your internet browsing data stays safe.

Find more tips to protect you from identity theft in our blog.

Yes. The online security practices of end users affect the safety of the entire business. Weak and reused passwords can make it easier for hackers to get into a user’s work accounts just as easily as their personal accounts. LastPass dark web monitoring is available to all LastPass business users, so they can ensure they are keeping themselves safe online.

Learn more about LastPass for business. 

LastPass admins of LastPass Business accounts can manage the “Control dark web monitoring” policy and its settings.