Why You Need to Check for Data Breaches Online


 By Timing Good
Cybercriminals cause data breaches. Once they have stolen your data, they won't let you know. So, in general, people have no idea whether their personal information is safe unless the attacked organizations inform them.

However, a data breach is rarely detected quickly, and some organizations don't disclose a leak promptly for various reasons. For example, Facebook was fined heavily by the EU because it reported a personal data leakage two months later. Even if a data breach exposes your private data and the organization discloses the incident quickly, you may still miss the notification.

Is there a way to check for a privacy leak online? The answer is yes. After cybercriminals obtain private data, they have to sell it on the dark web, a sort of black market. This means the quick and reliable way to check whether your private data has leaked is to search the black market for personal information. Few ordinary people enter the dark web, which mainly belongs to cybercriminals. However, the traded data aren't confined to the dark web. From time to time, leaked private data that came from the dark web also appear on the ordinary Internet, and they become a cornerstone for checking whether you were a victim of previous data breaches.

Here we take Collection 1 as an example to show that this approach works.

1. Collection 1: leaked data from dark web
Whatever cybercriminals do, they do for money. They must trade the stolen data on the dark web, which is hidden from ordinary people but can still be accessed by those who intend to. So sooner or later, some stolen data will move to the ordinary Internet for various reasons. These data make it possible to research whether an individual's personal information, e.g., an email address, has leaked.

From time to time, we see stolen data sets from the dark web. Here we have to mention a milestone: Collection 1, which was reported in Jan 2019. Collection 1 was named after the root folder first spotted hosting the files.

The most massive data dump in history, dubbed Collection 1, holds the PII (Personally Identifiable Information) of more than 770 million people. Its folder contains more than 12,000 files and is as large as 87 gigabytes. These files were originally found on the cloud service MEGA and a popular hacking forum, as C0rpz, and have since been posted in other places.

Here are the exact numbers for the package:
  • 2.7 billion rows of data in the databases
  • 1.1 billion unique email address and password combinations
  • The unique email addresses come down to 772,904,991
  • 21 million unique, plain text passwords
Two points deserve researchers' attention:

Some data are outdated: The collection isn't from a single data breach; instead, it is composed of data pulled together from multiple data breaches and leaks. Some of them happened two to three years ago.

Some people think stale data, especially passwords and emails, are not particularly useful to reuse. However, in phishing and extortion campaigns, even an outdated password can still trick an unsuspecting user into giving up their information or even paying a ransom.

Some data are legitimate: Collection 1 has 12,000 files and a total of 87GB of data, and the real origin of the email addresses and passwords appears to be multiple sources. Some data may have been collected without breaking any law, but dumping them into the public domain or trading them on the dark web will cause legal issues.

2. Dangers and actions
If your email and password are in Collection 1, you may become a target of various Internet attacks. For example, credential stuffing, used in account takeover, is a typical online attack: someone tries known email addresses and passwords at multiple sites and services in the hope that they have been reused. Anyone who registered on a separate website with the same email and password is at high risk in this case.

Do you need to actively check whether your private data has leaked? Certainly! You cannot rely on notifications from the organizations that have been breached. Instead, periodically checking whether your private data has leaked is strongly recommended. Based on what we discussed above, the main points are:
  • Some data breaches are never detected. If so, you never get any report or warning about the risk.
  • Many data breaches cannot be detected quickly; the longer the delay, the more risk you take.
  • Some organizations don't disclose data breaches as the law requires; they may be fined, but you still know nothing about the risk.
  • Some data may be collected without breaking any law; trading them may be illegal, but no one will report it except the victims themselves.
If users don't take steps to protect or change credentials after a breach, they are at risk of being targeted again and again. So our advice to users is to take a look to see if your private information is caught up in this latest data dump.

Check if your data leaked in a data dump
It isn't an easy job because the leaked data are in the hands of cybercriminals. Until they start to trade these data, no one knows what data were breached. Some Internet security experts do their best to trace data breaches and update databases to offer more precise results. These websites are worth a try to check whether any of your private information has leaked.
  • https://haveibeenpwned.com/
  • https://sec.hpi.de/ilc/search
HIBP (Have I Been Pwned) aggregates data breaches to make it easy for people to find out whether their data leaked. You can quickly check whether you've been compromised there: enter your email address, and you can see whether you are in the breach database. Besides, you can check whether your password was compromised too.

If you are on any of these lists, go forth and change your passwords immediately. If not, don't forget to re-run the check next month.
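The password check mentioned above can be done without handing the password to the service. The following is an added example, not code from this article or from HIBP: it assumes HIBP's Pwned Passwords range lookup, where only the first five hex digits of the password's SHA-1 hash are sent and the returned suffix list is compared locally. The function names are hypothetical and the response body is constructed so the code runs offline.

```python
import hashlib

# Assumption: HIBP's Pwned Passwords range endpoint,
# GET https://api.pwnedpasswords.com/range/<PREFIX>, which answers with
# "SUFFIX:COUNT" lines. The HTTP call is left out so this runs offline.

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query_prefix(password: str) -> str:
    """The only value sent to the service: first 5 of 40 hex digits."""
    return sha1_hex(password)[:5]

def parse_range_response(body: str) -> dict:
    """Map hash suffix -> times seen; drop padding (count 0) and junk lines."""
    seen = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            seen[suffix.upper()] = int(count)
    return seen

def breach_count(password: str, body: str) -> int:
    """Compare locally: the password and its full hash never leave this host.
    `body` must be the response for range_query_prefix(password)."""
    return parse_range_response(body).get(sha1_hex(password)[5:], 0)

def constructed_response(leaked_password: str, count: int) -> str:
    """Constructed stand-in for a range response (not real breach data)."""
    filler = sha1_hex("constructed-filler")[5:]
    padding = sha1_hex("constructed-padding")[5:]
    real = sha1_hex(leaked_password)[5:]
    return "\r\n".join([f"{filler}:3", f"{real}:{count}", f"{padding}:0", "garbage"])

if __name__ == "__main__":
    body = constructed_response("Summer2019!", 1542)  # constructed values
    for candidate in ("Summer2019!", "correct horse battery staple 7#"):
        hits = breach_count(candidate, body)
        verdict = f"seen {hits} times, change it" if hits else "not in this response"
        print(range_query_prefix(candidate), verdict)
```

A count of zero only means the password is absent from the data the service holds, so the monthly re-check advised above still applies.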

3. Leakage isn't just in Collection 1
Collection 1 is just one big and famous dump. The research team Insikt Group from US security firm Recorded Future reported that a forum post authored by Clorox linked six other dumps together with the 87GB Collection 1:

  1. ANTIPUBLIC 1: 102GB
  2. AP MYR & ZABUGOR 2: 19.49GB
  3. Collection 2: 528GB
  4. Collection 3: 37GB
  5. Collection 4: 179GB
  6. Collection 5: 41GB
Given that the list includes 1000GB of stolen data containing more than 25 billion records, we believe that many of the leaked accounts are duplicated. Checking emails and passwords against such a large data sample is always a complicated task. Actually, it's impossible to maintain a reliable bank of leaked data. The famous database of HIBP (Have I Been Pwned) was incomplete too, and was "only a fraction of the original dump known on the dark web as Collection #1."

As data breaches don't stop and the stolen data are updated accordingly, you should keep checking your private data with the right tools and services at least monthly.