The Dark Web…sounds like something out of Star Wars. No, wait, that’s the Dark Side.
Actually the Dark Web IS the dark side. It is the dark side of the internet.
It requires special tools to access so you cannot just Google it and go there from your normal browser. That is, you can’t accidentally stumble into it.
It is used primarily as a platform for activities to elude law enforcement. One of these activities is the selling of stolen personal/private information. The data is stolen via data breach (cyber attacks) of organizations with large databases of such info. This data may include names, social security numbers, birthdates, credit card information, health records and more. These are sold for identify theft or credit card fraud.
One of the biggest uses is to sell email addresses and passwords. The purpose isn’t just so you can be sent spam email. That would be frustrating for sure. But it’s much more treacherous than that.
Cyber criminals count on users to re-use the same password for multiple accounts. Then, with your email address and password, a cyber criminal can access your accounts. Let’s say, for example, from the LinkedIn breach, your username (Wile.E.Coyote@Acme.com) and password (DieRoadRunner) are on the dark web. You may have changed your password on LinkedIn. But you didn’t change it on your bank account or on your work account. The cyber criminal knows you work at Acme from your email. So they try to login to your work account using your password. Once they’re in, they can access anything you are able to access. Or they can send an email from your account. If you’re the CEO, they could send an email to the finance officer (as you) directing her to wire $1M to an off-shore account.
All it takes is one hit for a criminal to get into your company, just one employee to use the same password on his work account that he uses on other accounts. One hundred employees may use good cyber hygiene, but all it takes is one who doesn’t.
It is estimated that 76% of employees and executives reuse passwords across personal and professional accounts.
Criminals can also go after you personally. They can try to login to various bank accounts to see if that username and password work. Again, once in, they can drain your personal bank account.
All this just because you didn’t take the time to use different passwords on your accounts.
In 2020 alone, 22 million new records were added to the Dark Web.
A short-term solution is to use multi-factor authentication (MFA). Even if the criminal has the username and password, he still cannot get in because he doesn’t have access to the one-time code that is needed via the MFA device. Studies show that MFA can stop 99% of password-based cyber attacks.