If you’ve received a notification or alert regarding your information being found on the Dark Web, it’s important to understand what this means and how to respond effectively.
The most important first step is to keep calm!
Now, take a moment to read through this guide that will take you through the steps you should now take to protect yourself and your personal data.
We’ll explain the implications of getting a dark web alert or notification, what actions you can take to mitigate potential risks, and how to stay vigilant in the future.
Your safety and security are paramount, so let’s get started!
The Dark Web is a part of the internet that isn’t indexed by standard search engines like Google. It exists within a larger network known as the Deep Web, which includes all online content that isn’t accessible through regular browsing. The Deep Web includes a range of databases, private websites, and password-protected pages. To access the Dark Web, users typically need special software, most commonly the Tor browser, which anonymises their online activity by routing it through multiple servers.
While the Dark Web is often associated with illegal activities—such as the sale of drugs, stolen data, and other illicit goods—it also hosts legitimate content, including forums and services that prioritise privacy. Nevertheless, the Dark Web is a dangerous and risky place where neither you nor your data should be hanging out!
If you have received a dark web notification or alert, it means that your company likely has a Dark Web Monitoring service in place that regularly scours the Dark Web for cases where company information or data has been published there.
If your data is published on the Dark Web, it typically means that your personal information—such as your name, email address, passwords, or financial details—has been compromised and is being traded or sold among cybercriminals. This can happen due to data breaches, where hackers gain access to databases containing sensitive information, or through other means like phishing attacks or unsecured networks.
While finding your information on the Dark Web can be alarming, it doesn’t automatically mean you will become a victim of identity theft.
However, it does increase your risk, making it crucial to take proactive steps to protect yourself. This may include changing passwords, monitoring your financial accounts for suspicious activity, and considering identity theft protection services.
How to respond to a dark web monitoring alert
Provided below is a list of best-practice IT security steps that individuals and IT teams are advised to consider and action in the event that a work account or email address is implicated in a data breach or made available for sale on the dark web.
If you discover via dark web monitoring that your work account has been implicated in a data breach or credentials dump, you should notify your manager and IT immediately. There are technical steps they will need to carry out, including checking the access and audit logs to determine whether any malicious access has been gained to your account.
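For IT teams, the access-log check described above can be sketched as follows. This is an added example, not part of the original guide: the CSV layout, field names, accounts and addresses are constructed for illustration and do not match any particular product's export.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample sign-in log (hypothetical CSV layout, documentation-range IPs).
SAMPLE_LOG = """timestamp,user,source_ip,result,mfa
2024-03-01T08:02:11Z,alice@example.com,192.0.2.10,success,passed
2024-03-04T08:15:40Z,alice@example.com,192.0.2.10,success,passed
2024-03-09T02:41:07Z,alice@example.com,203.0.113.77,failure,none
2024-03-09T02:41:55Z,alice@example.com,203.0.113.77,success,none
2024-03-09T09:01:12Z,alice@example.com,192.0.2.10,success,passed
2024-03-10T03:12:30Z,alice@example.com,198.51.100.23,success,passed
2024-03-10T07:30:00Z,bob@example.com,203.0.113.77,success,none
"""

def parse_ts(value):
    """Parse the log's UTC timestamps into timezone-aware datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review_signins(log_text, account, exposed_at):
    """Return sign-in events for `account` at or after `exposed_at` that need review.

    Successful sign-ins before the exposure time build a baseline of known
    source IPs; later events are flagged if they come from an address outside
    that baseline or succeeded without an MFA challenge being passed.
    """
    baseline_ips, findings = set(), []
    rows = sorted(csv.DictReader(io.StringIO(log_text)),
                  key=lambda r: parse_ts(r["timestamp"]))
    for row in rows:
        if row["user"].lower() != account.lower():
            continue
        if parse_ts(row["timestamp"]) < exposed_at:
            if row["result"] == "success":
                baseline_ips.add(row["source_ip"])
            continue
        new_ip = row["source_ip"] not in baseline_ips
        reasons = []
        if row["result"] != "success":
            if new_ip:
                reasons.append("failed_attempt_new_ip")
        else:
            if new_ip:
                reasons.append("success_new_ip")
            if row["mfa"] != "passed":
                reasons.append("success_without_mfa")
        if reasons:
            findings.append((row["timestamp"], row["source_ip"], reasons))
    return findings
```

Each finding is a starting point for review rather than proof of compromise, since a new address may simply be the user travelling or working from home.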
Immediately change your password to a new, different, more secure password.
Our recommendations are to:
Next, perform or organise a security scan of your devices and ensure all your devices are running
Whilst it is highly unlikely that you will have suffered any financial fall-out from your credentials having been breached or popping up in a dark web alert, it is always a possibility, because unfortunately, the reality is that 85% of people use the same password across services.
If you do use the same password to access your financial services, change that password now, and check your accounts for any suspicious activity.
It is always a good idea to double-check your financial account status, because if your credentials were breached via a phishing attack, there is also the possibility that the phishing email delivered keylogging or tracking malware to your device for the purpose of trying to harvest other account log-in details. This is also why performing a device scan, as per step 2, is wise.
Best practice is, and indeed your organisation’s HR and IT policies may dictate, that your work email account is used strictly for work-related purposes.
If you have previously used your work email address as your username to log into non-work-related services, set up a personal email address for those use cases.
And in future, when you go to sign up for a new service or for access to something, consider whether you should be using your work email address or your personal account instead.
As a rule of thumb, if you can log onto it via the web, it should have MFA in front of it!
Where you have an option to turn on MFA, do that now. Having MFA in place will mean that when you log in in future, you will be prompted to verify your login attempt.
Even if your credentials are breached again in the future, the malicious actor will not be able to gain access to your account without access to that final MFA verification step.
If you have signed up at some point for professional networking sites that you don’t actively engage with or use, opt out or cancel those profiles.
Likewise, do you still have old accounts out there in the wild? If you don’t use those accounts anymore, but have used the same password elsewhere, make sure you use unique passwords for each and every service going forward and delete any old accounts.
By far the number-one way malicious actors obtain your credentials to sell on the dark web to start with is via phishing.
You may have received a legitimate-looking email, perhaps even purporting to be from someone you know or a service you use, asking you to log in to review a document or pay an account. You unwittingly enter your username and password and then they’ve got you! Best practice is to double-check anything you receive via email before actioning it, and don’t log in or take action via links in any email.
If you have any questions or concerns, feel free to Contact Us anytime.