Dark web search engines offer passwords, personal data for sale; how can you protect yourself?
But there are also ways to fight back and protect your money.
“All your data is for sale on the dark web, not just your email address and password,” said Chris Rouland, CEO of Phosphorus Cybersecurity.
Rouland finds security holes and vulnerabilities for its customers. He showed the I-Team a hard drive and information on it, which he said contained billions of usernames and passwords, on the dark web.
“Four billion usernames and passwords,” he said.
Rouland found our producer’s password by entering her email. He said he didn’t buy the information and he would never sell it.
“I found it because that’s where I hang out. Because I keep an eye out for the bad guys. I heard about a big password breach. Your identity is a commodity. Your identity has of value. It could be worth $1. It could be worth $1,000. It’s worth something and it’s bought, sold and traded,” he explained.
You may never know if your information was obtained from the dark web, but identity theft victim Dovie Villalobos thinks hers might have been.
“I walk around with embarrassment and shame inside,” said Villalobos, who is disputing $10,000 in what she said were fraudulent transactions, which took place over several months with her Chase bank account.
She said she also had to close lines of credit with other public companies in her name.
“They have my first name, my last name, they have my address, and so they were able to find out where I live and my phone number. They even have my date of birth,” she said.
Villalobos believes it all started with thieves stealing his debit card number from a gas station.
“Rule number one for me is try never to use your cash card unless you have to. It’s direct access to money in the bank,” said Commander Paul Kane, who directs investigations to the Oak Park police. Department.
He said that due to multiple online transactions across the country, thieves could also have obtained more information, such as a password or debit card PIN, from the dark web.
“It’s very possible that you have your card in your wallet and you don’t even know the PIN or swipe has been compromised, and they’re already using it, the technology has advanced to this point,” said he declared.
Security experts say hackers first target less secure accounts you might have with stores, streaming services, gyms or apps used to invite people to events instead of banks. After getting passwords or PINs from other platforms, they can match them to your bank accounts.
Rouland showed the I-Team how easy it is to be exposed to data breach risks on other accounts unrelated to your bank. He searched and found the data of journalist Jason Knowles.
“Your data has been stolen nine times,” Rouland told Knowles.
To prevent hackers from matching accounts, you should use different and strong passwords and PINs. Also keep an eye on your banking transactions.
“You should check all of this regularly to make sure there is no fraudulent activity. It only takes one to be compromised and it could snowball into something much bigger,” said Kane.
Chase Bank said it has been in contact with Villalobos about its claims. He said some were approved while others were not, based on account activity. And that in addition to her fraud litigation, she can also file an “identity theft claim” which can also help.
“Inside it always bothers me. Where I can’t imagine,” Villalobos said. “I have crazy thoughts about what happened and why would they do this to me, you know, I’m a social worker. I help kids, I help adults, you know, so they have a better life. And in return, they do this to me?”
The most recent FBI report shows $414 million was lost to identity theft and data breaches in 2020.
Always use two-factor authentication on bank accounts. Consider getting a password manager app and strengthening your passwords; for example, use a sentence and then add characters and numbers.
Copyright © 2022 WLS-TV. All rights reserved.