Why You Need Check Data Breach Online

 By Timing Good
Data breaches are carried out by criminals, and criminals who steal your data have no reason to let you know. So in general people have no idea whether their personal information is safe unless the organizations that were attacked inform them.

However, a data breach is rarely detected quickly, and some organizations don't disclose a leak promptly, for various reasons. For example, Facebook was fined heavily by the EU because it reported a personal data leak 2 months later. Even if a data breach exposes your private data and the organization discloses the incident quickly, you may still miss the notification.

Is there a way to check for a privacy leak online? The answer is yes. After cyber criminals obtain private data, they have to sell it on the dark web, a sort of black market. This means the quick and reliable way to check whether your data has leaked is to search the black market for personal information. Few ordinary people enter the dark web, which mainly belongs to cyber criminals; however, the data traded there doesn't stay isolated in the dark web. From time to time leaked private data also appears on the regular Internet, moved over from the dark web, and it becomes the foundation for checking whether you were a victim of previous data breaches.

Here we take Collection 1 as an example to show that this approach works.

1. Collection 1: leaked data from dark web
Whatever cyber criminals do, they do for money. They must trade the stolen data on the dark web, which is hidden from ordinary people but can still be accessed by those who seek it out. So sooner or later some stolen data is moved to the regular Internet for various reasons. This data makes it possible to investigate whether an individual's personal information, e.g. an email address, has leaked.

From time to time, we see stolen data sets from the dark web. Here we have to mention the milestone one: Collection 1, which was reported in January 2019. Collection 1 was named after the root folder first spotted hosting the files.

The largest data dump in history, dubbed Collection 1, contains the PII (Personally Identifiable Information) of more than 770 million people. Its folder contains more than 12,000 files and is as large as 87 gigabytes. These files were originally found on the cloud service MEGA, a popular hacking forum as C0rpz, and have since been posted in other places.

Here are the exact numbers for the package:
  • 2.7 billion rows of data in the databases
  • 1.1 billion unique email address and password combinations
  • Unique email addresses come down to 772,904,991
  • 21 million unique, plain text passwords
Two points deserve researchers' attention:

Some data are outdated: This isn't from a single data breach; instead, the collection is composed of data pulled together from multiple data breaches and leaks, some of which happened two to three years ago.

Some people think stale data, especially passwords and email addresses, is not particularly useful to re-use. However, in phishing and extortion campaigns even an outdated password can still trick an unsuspecting user into giving up their information or even paying a ransom.

Some data are legitimate: Collection 1 has 12,000 files and a total of 87GB of data, so the real origin of the email addresses and passwords appears to be multiple sources. Some data may have been collected without breaking any law, but dumping it into the public domain or trading it on the dark web will definitely cause legal issues.

2. Dangers and actions
If your email and password are in Collection 1, you may become a target of various Internet attacks. For example, credential stuffing is a common online attack used in account takeover: known email addresses and passwords are tried at multiple sites and services in the hope that they have been re-used. Anyone who registers on separate websites with the same email and password is at high risk in this case.

Do you need to check proactively whether your private data has leaked? Certainly! You cannot rely on notifications from the organizations that have been breached. Instead, periodically checking whether your private data has leaked is strongly recommended. Based on what we discussed above, the main points are:
  • Some data breaches are never detected; in that case you never get any report or warning of the risk.
  • Many data breaches are not detected quickly; the longer the delay, the more risk you take.
  • Some organizations don't disclose a data breach as the law requires; they may be fined, but you know nothing about the risk.
  • Some data may be collected without breaking any law; the trade may be illegal, but no one will report it unless the victims do so themselves.
If users don't take steps to protect or change credentials after a breach, they are at risk of being targeted again and again. So our advice to users is to check whether your private information is caught up in this latest data dump.

Check if your data leaked in a data dump
This isn't an easy job because the leaked data is in the hands of cyber criminals. Until they start to trade the data, no one knows what data was breached. Some Internet security experts do their best to track data breaches and update their databases to offer more precise results. The websites below are worth trying for checking your private information.
  • https://haveibeenpwned.com/
  • https://sec.hpi.de/ilc/search
HIBP (Have I Been Pwned) aggregates data breaches in order to make it easy for people to find out whether their data has leaked. You can easily check whether you've been compromised here. Once there, just enter your email address, and you can see whether you are in the breach database. In addition, you can check whether your password was compromised too.

If you are on any of these lists, go forth and change your passwords immediately. If not, don't forget to re-run the check next month.
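
The password check can also be scripted without revealing the password to anyone. The sketch below is an added example, not code from this article or from HIBP, and it goes beyond the web form described above: it uses the k-anonymity range lookup of HIBP's Pwned Passwords service, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. `constructed_fetch` is a hypothetical offline stand-in for the HTTP request, and its response body and counts are constructed.

```python
import hashlib
from typing import Callable, Dict, Tuple


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase SHA-1 hex digest into (first 5 chars, last 35)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines of a range response, skipping bad lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Times the password appears in the breach corpus; 0 means not found.

    Only the 5-character prefix is passed to fetch_range, so the service
    never sees the password or its full hash.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def constructed_fetch(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    The response body and both counts are constructed for this example.
    """
    known_prefix, known_suffix = sha1_prefix_suffix("password")
    if prefix != known_prefix:
        return ""
    return "0" * 35 + ":3\r\n" + known_suffix + ":42\r\nnot-a-valid-line\r\n"


if __name__ == "__main__":
    print(breach_count("password", constructed_fetch))
    print(breach_count("a-long-unique-passphrase", constructed_fetch))
```

To query the live service, replace `constructed_fetch` with a function that performs the HTTPS GET and returns the response text.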

3. Leakage isn't just in Collection 1
As a matter of fact, Collection 1 is just one big and famous dump. The research team Insikt Group from US security firm Recorded Future reported that a forum post authored by Clorox linked 6 other dumps together with the 87GB Collection 1:

  1. ANTIPUBLIC 1: 102GB
  2. AP MYR & ZABUGOR 2: 19.49 GB
  3. Collection 2: 528 GB
  4. Collection 3: 37GB
  5. Collection 4: 179GB
  6. Collection 5: 41GB
The list includes 1000GB of stolen data that contains more than 25 billion records. We believe that many of the leaked accounts are duplicated, but it's still a very difficult task to check an email and password against such a huge data sample. The same Clorox posted that even the popular database of HIBP (Have I Been Pwned) was incomplete too and actually "is only a fraction of the original dump known on the dark web as Collection #1."

As data breaches don't stop and the stolen data will be updated accordingly, you should keep checking your private data with the right tools and services at least monthly.