When people talk about the dark web, they generally mean the scary part of the internet that is not accessible through standard browsers; they think of it as the area that is used by bad actors and hackers for stealthy and illegal activities. To a great extent, that is true. It is here that breached data (like our logins and passwords that we all use as we go about our daily online activities visiting and logging in to our favorite sites) is bought and sold by hackers. End user logins and passwords are very valuable because they give hackers the means to break into personal accounts. And, even data that is incomplete or partially legitimate makes identity theft possible.
But where does breach data come from? Much of it comes from cyberattacks by bad actors: cyber criminals hacking major corporations. For example, while Yahoo! has experienced more than one hack, the first took place in 2014 and involved over 500 million user accounts. More recently, in 2021, T-Mobile was hacked and data of up to 50 million customers and prospective customers were impacted.
But, breaches aren’t always due to an external cyberattack; breaches can occur when a disgruntled employee absconds with data to hurt the company, or even just an insider making a blunder resulting in data that should have remained private being inadvertently leaked or made accessible to outsiders. For example, in April, 2021, Facebook suffered a leak of 533 million users leaked online.
The breaches we hear about in the news are a constant reminder of the value of our data: logins and passwords being a primary target!
Dark web monitoring involves the analysis of the vast amounts of data of known breaches in search of logins and passwords and then providing information in an actionable format that enables the owners of the credentials and personally identifiable information (PII) to protect themselves.
Previously available only to corporate clients, Crossword Cybersecurity’s powerful credential checking service is now available to individuals and small businesses via Sticky Password’s Dark Web Monitoring powered by ARC interface within the application’s security dashboard on Windows and Mac desktop (Android and iOS coming soon).
Annual Sticky Password Premium subscribers, including Sticky Password for teams (all seats), will have access to ARC for the duration of their 1-year subscription and subsequent renewals. Lifetime Sticky Password customers will receive the initial year of the ARC service included in their license, with a cost-effective renewal option (available in 1-year increments).
To determine if your passwords were exposed in a data breach, Sticky Password prepares a unique and anonymous request to the ARC database of breach data at Crossword Cybersecurity. The response comes back to Sticky Password, where it is analyzed within Sticky Password on your device to see if any passwords were found in the breached data; your passwords are never sent outside of your device.
Sticky Password Premium customers have access to the dark web monitoring service via the new Security Dashboard.
Because of the unpredictable but relentless occurrence of data breaches, Sticky Password is continually checking if any new breach data is available.
To initiate dark web monitoring (DWM) for your Sticky Account, simply choose either the Manual or Automatic setting in the dropdown box in the Security Dashboard.
The Manual setting – turns DWM on for your account. The initial activation will launch a complete check of the logins/passwords stored in your web accounts against the data from known breaches, identifying any matches. NOTE: this will take a while. Notification of any issues is shown in the Security Insights section.
Following the initial check, you can initiate a new scan of your database by clicking Check now below the Manual setting field. Sticky Password will search for any changes you have made since the last scan and will check these against the latest available data from known breaches.
The Automatic setting – turns DWM on for your account. The initial activation will launch a complete check of the logins/passwords stored in your web accounts against the latest data from known breaches, identifying any matches. NOTE: this will take a while. Notification of any issues is shown in the Security Insights section.
Following the initial check, when you make any changes to your logins/passwords, Sticky Password will automatically check the new data against the breach data. Notification is shown in the Security Insights section.
Off – turns dark web monitoring off.