The dark web knows too much about me

We asked cybersecurity experts to scour the dark web for our personal information. What they found was disturbing.

Dan Patterson
Dan is a writer, reporter, and producer. He is currently a reporter for at CBS News and was previously a Senior Writer for TechRepublic.
Dan Patterson
2 min read
Getty Images/iStockphoto

What do Dunkin' Donuts, Fortnite, Sprint and the Dow Jones company all have in common? They've all suffered from massive hacks in 2019 alone.

After every data breach, victim data often surfaces on the encrypted "hidden" internet known as the dark web, a network of sites that can only be accessed with special security software. Dark web markets operate like the ecommerce websites we shop on every day, but often trade in illicit goods like drugs, weapons and stolen data.

Watch this: Finding our personal data on the dark web was far too easy

Because so many companies now capture and store personal information, hacking has become a profitable profession, said Terbium Labs vice president of research Emily Wilson. One hacker known as Gnosticplayers has allegedly leaked over 840 million user records. His most recent dump of 26.42 million records was listed for 1.2431 bitcoin, or about $4,940.

"The dark web has provided the raw materials that these fraudsters need to build out scalable criminal empires," said Wilson. "We're talking about identity theft of millions of people, including children."

Though the stakes are high for individuals, it's often challenging to understand how data breaches that result in the loss of millions of records can have a personal impact. So my colleague Graham Kates and I asked Wilson's firm to scour the dark web for our personal details. What they found was unsettling.

Detailed information about Graham was included in a WikiLeaks-related "fullz" dump, a data breach that can include financial information like Social Security numbers, credit card numbers, date of birth and mailing addresses. Fortunately, most of Graham's information was related to a prior address or no longer relevant. Still, his information, along with the details of several thousand additional users, was for sale at the cut-rate price of $69.


Our data was for sale on the dark web at very lost cost.

My exposure was slightly greater. Terbium found my name, email address and other personal details that were associated with my current phone number on a fraud site called Black Stuff. By plugging some of the information into the dark web site Torch, I was able to uncover additional details, including older geographic coordinates.

Fortunately my current location was not available, but old data is still valuable data, said Wilson, and criminals can use your old details to figure out your routines, where you work and maybe even your neighborhood.

"Once your data is in the mix, you're just another cog in the wheel," she explained. "You're just another resource. Data is often repackaged, resold, re-released, which means, if you're exposed once, it's going to be used hundreds, thousands, maybe even millions of times before it's all said and done."