惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tailwind CSS Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
The Cloudflare Blog
J
Java Code Geeks
大猫的无限游戏
大猫的无限游戏
雷峰网
雷峰网
WordPress大学
WordPress大学
Jina AI
Jina AI
IT之家
IT之家
Hugging Face - Blog
Hugging Face - Blog
博客园 - 聂微东
有赞技术团队
有赞技术团队
V
Vulnerabilities – Threatpost
博客园 - 司徒正美
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
S
SegmentFault 最新的问题
C
Cisco Blogs
V
V2EX
博客园 - 三生石上(FineUI控件)
Apple Machine Learning Research
Apple Machine Learning Research
I
Intezer
人人都是产品经理
人人都是产品经理
博客园_首页
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Know Your Adversary
Know Your Adversary
酷 壳 – CoolShell
酷 壳 – CoolShell
Security Latest
Security Latest
V
Visual Studio Blog
S
Schneier on Security
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
腾讯CDC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - Franky
Last Week in AI
Last Week in AI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
K
Kaspersky official blog
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
量子位
S
Securelist
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tenable Blog
阮一峰的网络日志
阮一峰的网络日志
博客园 - 叶小钗
T
Troy Hunt's Blog

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
Your information is on the dark web. What happens next?
Phil Muncaster · 2026-01-13 · via WeLiveSecurity

Privacy

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

13 Jan 2026  •  , 6 min. read

Your personal information is on the dark web. What happens next?

Contrary to popular belief, much of the dark web isn’t the den of digital iniquity that some commentators claim. In fact, there are plenty of legitimate sites and forums there offering privacy-enhanced content and services to help individuals avoid censorship and oppression. However, the truth is, it’s also a magnet for cybercriminals, who can visit its forums, marketplaces and other sites without fear of being tracked and unmasked.

Many of these exist to facilitate the trade in stolen personal and financial information. Often, personal data is bought and sold alongside other items like narcotics, hacking tools and exploits. So what should you do if you find out your data is up for sale on one of these sites?

figure 1 (1)
Caption

How did my data get there?

There are various ways personally identifiable information (PII), credentials and financial data can end up in the hands of cybercriminals:

  • Data breaches involve the large-scale theft of customer/employee information, which then usually appears for sale on the dark web. The US was on track for a record year in this area, having already recorded 1,732 incidents in the first half of 2025, leading to over 165.7 million breach notifications. We all do business with so many organizations online these days, the risk of being caught up in a breach is growing all the time. Most of us will have experienced at least one notification email in our lives. That risk also increases thanks to the proliferation of double extortion ransomware attacks, where data is stolen in order to extort a victim organization.
  • Infostealer malware does what the name suggests. It has become incredibly popular thanks to “as-a-service” kits like RedLine and Lumma Stealer. The malware can be hidden in legitimate-looking mobile apps, on web pages, in malicious ads, and phishing links/attachments, among other places. The data it collects is then assembled by threat actors and sold on the dark web. Often, both credentials and session cookies are stolen, making it easier for hackers to bypass even multi-factor authentication (MFA).
  • Phishing has always been a popular way to steal information from a victim. But the advent of generative AI (GenAI) tools has made it easier for threat actors to scale attacks, while also personalizing them, and writing in flawless local language to increase their chances of success. If you unwittingly click through and enter your information on a phishing site, it could end up being sold on the dark web.
  • Accidental leaks are a common occurrence on the internet due often to misconfiguration of cloud systems, such as failing to require a password to access online databases. This can leave data exposed to anyone who knows where to look (or has been scanning for misconfigured instances). If it’s left open for long enough, a database could be stolen and sold on the dark web. Threat actors could also delete the original database in order to extort their corporate victim.
  • Supply chain attacks are similar to regular data breaches, but instead of the company you shared your data with being hacked, it is a supplier or partner organization. These companies have been granted permission to access and use that information, but often don’t have the same robust security posture. They are an attractive target for threat actors as just one attack could help them to access data on multiple, corporate clients. Sometimes, these suppliers are digital providers, like Progress Software. When a zero-day vulnerability in its popular MOVEit file transfer software was exploited in 2023, thousands of organizations and over 90 million downstream customers were compromised. Data brokers are another potential weak link. They harvest information legally via web scraping and tracking, but may not keep it well protected.
Picture2 (1)
Figure 2. PayPal and credit card accounts up for grabs, as spotted by ESET researchers

What do they want?

The stuff that cybercriminals really want is your financial information (bank account numbers, card details and logins), PII, and account logins. With this, they can hijack accounts to drain them of data and funds, and possibly access stored card information, or else use your PII in follow-on phishing attempts designed to get hold of financial information. Alternatively, they could use that PII in identity fraud, such as applying for new lines of credit, medical treatment or welfare benefits.

Biometric data is particularly sensitive as it can’t be “reissued” or reset like a password. And session tokens/cookies are also useful for threat actors as these can help them to bypass MFA.

This could have a significant financial impact. A recent ITRC report claims that 20% of US fraud victims over a single year reported losses of over $100,000 and over 10% lost at least $1m.

What to do if you find your information on the dark web

If you’re alerted to the appearance of some personal and/or financial information on the dark web, take the following action (depending on the information at risk):

  • Change any compromised passwords, and ensure you only use strong, unique credentials stored in a password manager.
  • Switch on MFA for all accounts, and use either an authenticator app or a hardware security key, rather than SMS (which can be intercepted).
  • Sign out of all devices, to stop hackers who may have stolen your session cookies.
  • Contact your bank, freeze your cards and have them reissued.
  • Freeze your credit with each of the main bureaus. This will prevent any fraudster from opening a new line of credit in your name.
  • Scan your PC/devices for infostealer malware.
  • Report the leak to the FTC (US), Report Fraud (UK) or relevant European authorities.

Long-term steps to keep your PII safe

Once the dust has settled, there are things you can do to mitigate the risk of sensitive information ending up on the dark web. Consider services like Hide My Email to reduce the amount personal information companies store. It also pays to keep an eye open for suspicious activity in your bank accounts. It’s also a good idea to checkout as a guest and never save any card info when you shop with a third-party site.

Next, reputable security software on all of your devices and PCs will go a long way towards reducing the chances of installing infostealer compromise and phishing. Only download apps from official stores. And be wary of any unsolicited emails/texts/social media messages containing links or attachments.

Reduce the volume of data available to brokers by ensuring all of your social accounts are set to “private.” Use encrypted comms services and privacy-enhanced browsers and search engines. Also, consider sending “right to be forgotten” requests to data brokers, possibly via services with the requisite expertise.

Finally, some identity protection products and services such as HaveIBeenPwned can scour the dark web for your details to see if they have already been breached and/or alert you when any PII appears on the dark web. If there’s a match, it could give you time to cancel cards, change passwords and take other precautions. 

The breach of personal information and logins can be emotionally upsetting, as well as financially damaging. And if you reuse logins across work accounts, it could even have a negative impact on your career, if it enables hackers to access corporate resources. At the end of the day, we all need to be proactive in order to make our digital lives safer.


Let us keep you
up to date

Sign up for our newsletters