Why you should change your password: 4.2 billion exposed identities on the Darknet

What most people consider to be the Internet actually only makes up a small fraction of the entire Internet. It is estimated that as much as 96% of the Internet is not visible or accessible to the general public. This hidden part is known as Deep Web, which is the part of the Internet that is not indexed by search engines.

This is perfectly normal as many webpages are not meant to be found in searches. For instance, you might use a web mail service or access other private pages that are not meant to be found by others in searches.

However, there is a smaller part on the Deep Web known as Darknet. The pages on Darknet can only be accessed by using special software and this underlying anonymity makes it an ideal environment for illegal activities, including selling personal identity information, credit card numbers, login information and other types of data that can be used for criminal activities such as identity fraud, account takeovers and electronic extortion campaigns.

According to 4iQ, an identity intelligence company, the number of new identity records exposed on the Darknet is steadily increasing while previously exposed information continuously re-circulates within underground communities (Source: 2020 4iQ Identity Breach Report May 2020). From 2018 to 2019, 4iQ found a 16.6% increase in unique identity records available on the Darknet, bringing the total number of exposed identities to an incredible 4.2 billion. They also found the number of validated data breaches in 2019 to equal 35 breaches per day. While each breach often contains only a small subset of attributes, every data point has value for cyber criminals. The more data they collect on an individual, the more valuable each data set becomes. Unfortunately, this means that not only do cyber criminals have access to an ever increasing amount of identity data; it also allows them to create even more detailed profiles to be used for criminal activities.

Apart from the economic profit cyber criminals can achieve from extortion and fraud, they can also make money on the sale of identity records. As of 2019, 4iQ found the average price per record in the dark market is $67 for Social Security numbers, $53 for passports and $40 for credit cards. But criminals don’t limit their business to raw data sets; they also provide you with actual physical assets. For the full physical identification assets like passports and driver licenses, prices also differ from country to country. In one example a Norwegian passport and driver license is sold for 750 Euro, while the Finnish package only sets you back 600 Euro.

The general public might not be aware of the mind-blowing number of identity data circulation on the Darknet, but most people recognize the growing threat lurking online. According to the survey from the EU (not including Norway) Special Eurobarometer 499: Europeans’ attitudes towards cyber security (February 2020), nine in ten of the respondents in Sweden and Finland (91% each) agree the risk of becoming a victim of cybercrime is increasing. The majority of respondents feel informed or well informed about the risks of cybercrime, especially in Denmark (80%) and Sweden (72%) while the number is somewhat lower for Finland (68%).

However, the high level of awareness about the risks of cybercrime doesn’t necessarily mean that the respondents know how best to protect themselves against becoming a victim. Although almost all respondents in the EU survey have changed the way they use the Internet as a result of security concerns, there seems to be some misconception among the public as to what would constitute the most important changes in order to reduce the risk of cybercrime.

Six in ten of the respondents from EU countries mention that they don’t open emails from people they don’t know as a result of security concerns. While this can certainly help reduce the risk, the changes that would matter far more significantly in reducing the risk of cybercrime, that is using different passwords for different accounts and changing your password regularly, is far less common among the respondents. Only 41% of the Danish respondents use different passwords for different sites while this is true for 51% of their neighbors in Sweden, and just 14% of the Danes (compared to 17% in Sweden and 26% in Finland)  regularly change passwords as a result of security concerns.

The same paradox is also found in Norway, where a survey from NorSIS in 2019 revealed that despite the fact that using the same password for several websites is considered a high risk by 61% of the Norwegians, only 46% of the Norwegian respondents actually used different passwords for different sites.

The fact that so many people don’t change their passwords or use different passwords makes it easy for the cyber criminals to exploit the data circulating on the Darknet. If one web service is breached and passwords leaked, the criminals can use your password from this web service to gain access to all of your other accounts where you use the same password.

For organizations, providing cyber and identity protection services is a clear opportunity to embed themselves further in the lives of their customers. As cxLoyalty’s Cybercrime SOS research has shown, companies that do this will be rewarded with loyal customers, improved brand perception and a first-mover advantage in offering something different and useful. In fact our research shows that 70 per cent of people are more likely to select a banking service or credit card provider if cybercrime protection services are included in the package.

‘The Nordic countries are among the most digitalized in the world, and a large part of our everyday lives and activities take place online. We use online or mobile banking services, we shop, use self-service solutions from many authorities and we connect with friends on social media. Therefore, the need for security in the digital world is becoming increasingly important, and we are proud to offer our clients and ultimately their customers a comprehensive security solution for their personal data’, says Rikard af Sandeberg, Managing Director cxLoyalty International Denmark & Norway.

The security solution launched by cxLoyalty for Nordic clients helps customers register and monitor their personal data online, such as social security numbers, card details and email addresses. The service scans the public web as well as Deep Web and Darknet for the registered personal data. If any of the registered data is found, the service sends a notification to the customer with suggestions for actions to take.

In addition to monitoring personal data online, a 24/7 telephone support can be added to the service. This will allow the customer to get assistance restoring or blocking social media accounts that have been hacked, advice on how to handle personal data and to get support if the customer has been subjected to a fraud attempt or an ID theft.

’For most people the emotional stress of being a victim of identity theft is huge. The complexity of having to deal with the claims and unpaid invoices can be overwhelming. Being harassed online or discovering that someone has used your pictures or personal information online to create fake profiles in your name can also have severe consequences for your wellbeing. People we have helped really appreciated that they didn’t have to face the problems all alone and that their case was being handled by our team of experts’, says Rikard af Sandeberg.

Want to know more? Listen to the cxLoyalty podcast “Protecting against emerging cyber threats during COVID and beyond” with Chris Dunning, Vice President, Chief Security Officer at cxLoyalty and guest starring Vanessa Richards – Deputy Chief, National Security & Cyber Crimes Unit, U.S. Attorney’s Office for Connecticut and Amyn Gilani – VP Product at 4iQ.

Watch our video explaining our security solution: