Hackers that hacked their ways into databases and websites, and managed to steal sensitive information, tend to leak them onto the dark web.
This hidden corner of the web has been known to be a place notorious for hackers to hang out. With each coming data breach, hackers are actively trading the data to whoever wants them.
According to Michael Gazeley, managing director of Network Box, "It’s 6.5 billion now.”
“That [6.5 billion] could mean that everyone with a device has been hacked twice over. That’s mind-boggling stuff," said Gazeley.
Globally, the volume of cyberattacks doubled between 2015 and 2018, according to year-on-year analysis from the LexisNexis Risk Solutions’ ThreatMetrix global cybercrime report, which gathered its data from billions of global transactions.
In Hong Kong for example, the more than 10,000 cybersecurity incidents reported by businesses in 2018 represented a 55 percent increase from 2017, according to year-end updates from the Hong Kong Computer Emergency Response Team.
These caused damage of more than HK$2 billion ($256.4 million) to Hong Kong companies and individuals in the first nine months of 2018.
2018 was also marked by high-profile data breaches, including the Marriott hotels group, with 500 million customer records stolen, and airline Cathay Pacific, with 9.4 million records stolen.
And earlier in 2019, a data set with information on 900 million accounts was posted to the dark web, according to Gazeley’s monitoring attempts. The information appeared to be gathered from different sources, some of which were old, but others looked new, he said.
To get a glimpse into how much data has been leaked to the dark web, Gazeley said that the staff at Network Box pretended to be hackers to communicate and monitor the darknet pockets' activities.
"There are hacker forums and you hear people boasting [about data they’ve hacked] … once they start boasting we have to check out if it’s real,” he further explained.
While data sets from breaches are sometimes sold, many of them were just openly released on the dark web.
Leaked user information that include users’ internet browsing history and other data. This can be compiled to create profiles to then be sold to advertisers. As a result, leaked emails for example, can receive a lot more spam.
But there are other dangers too, especially when username-password combinations are also leaked, as this information can be used to scam the owners.
For example, fraudsters can send targeted emails that include the actual password the target uses. This can trick them into thinking they’ve been hacked, and transferring money or giving them access to accounts.
As for how people can protect themselves, Gazeley suggested people to use two-point verification on account logins and different passwords for different accounts.
"If a hacker really wants to target you, then chances are he’ll succeed. But if he’s not after you and you’re well protected, well, then he’ll go after one of the other 6.5 billion accounts."