A. M. 
Forty-four percent of MEPs and 68% of British MPs have had their personal data leaked and circulated on the dark web. This happened after registering on online platforms using official emails and personally identifiable information (PII). Cybercriminals attacked the third-party providers, extracted this data and traded it on the dark web. Faced with this problem, ESET, a leading company in proactive threat detection, offers recommendations to prevent personal data from falling into “the dark side of the Internet”.
“Unfortunately, this problem does not only affect politicians or public figures; anyone could be a victim, even if they follow safe practices. Hence the importance of keeping a close eye on our digital footprint and protecting the most sensitive data”, comments Camilo Gutiérrez Amaya, head of the ESET Latin America Lab.
The dark web comprises areas of the Internet that are not indexed by conventional search engines and allow anonymous browsing through the Tor browser. As enablers of a criminal economy worth billions, dark web sites allow threat actors to buy and sell stolen data, hacking tools, services and more. Despite regular law enforcement crackdowns, they continue to adapt to fill the gaps left by authorities as they dismantle their operations.
A study by Proton and Constella Intelligence revealed that two-fifths (40%) of the email addresses of European, British and French parliamentarians are exposed on the dark web. Nearly 1,000 of the 2,280 compromised emails contained plain text passwords, also exposing data such as dates of birth and addresses. This data represents an arsenal for phishing attacks and identity fraud.
There are multiple ways in which data can end up in the dark web, some of them are:
- Data leaks in external organizations: personal data is stolen from entities with which it was previously interacted. In the United States during 2023, more than 3,200 such incidents were recorded, affecting more than 353 million customers.
- Phishing attacks: fraudulent messages that appear legitimate invite you to click on links that may install malware or request sensitive data on fake pages.
- Credential stuffing: a cybercriminal uses previously compromised logins to access accounts, stealing additional information to sell.
- Infostealer malware: malicious applications disguised as legitimate files, such as movie or game downloads, can extract personal data from infected devices.
In case of detecting that personal information has been compromised on the dark web, ESET recommends taking immediate measures such as changing all passwords, enabling two-factor authentication (2FA), notifying the authorities, installing trusted security software and monitoring bank accounts and social networks for any suspicious activity.
To prevent future attacks, ESET advises:
- Be more cautious when sharing information online.
- Review the security/privacy settings of social network accounts.
- Activate “stealth mode”, that is to say, where appropriate, use options such as disposable email addresses so that you don’t always have to give out your personal details.
- Never respond to unsolicited e-mails, messages or calls, especially those that try to rush you into action without first thinking it through clearly.
- Use strong, unique passwords on all accounts that offer it and enable a strong form of 2FA for added protection.
- Invest in a dark web monitoring service that notifies you of newly discovered personal data on the Internet and allows you to act before cybercriminals can take advantage of it.
Invest in a dark web monitoring service that notifies you of newly discovered personal data on the Internet and allows you to act before cybercriminals can take advantage of it.
