Skip to main content

The Dark Web - Stolen Data and Hidden Markets

About 2 min read

The dark web is a part of the internet that cannot be accessed with an ordinary browser and is reachable only through anonymizing networks such as Tor. Because of its high degree of anonymity, it has become a breeding ground for illegal activity, including the trade of leaked passwords and personal information and the sale of malware. On the other hand, it is also used to share information in countries where freedom of speech is restricted. In 2024, the operation of leak sites on the dark web by ransomware groups grew even more active, and the damage from double extortion increased.

Real-World Use Cases

"While the threat intelligence team was monitoring dark web forums, we discovered a list that appears to be our customer database being put up for sale. We have begun identifying the source of the leak and convening the incident response team."

Historical Background

Tor (The Onion Router), the foundation of the dark web, originates from anonymous communication technology developed by the U.S. Naval Research Laboratory in 2002. It was initially intended to protect government communications, but in 2011 the black market "Silk Road" appeared, and the criminal use of the dark web became widely known. Although Silk Road was shut down by the FBI in 2013, successor black markets such as AlphaBay and Hansa Market subsequently emerged one after another. In recent years, "double extortion" has become mainstream, in which ransomware groups set up leak sites on the dark web and publish the data of victims who refuse to pay the ransom.

The Dark Web and Password Leaks

Passwords leaked through a data breach are bought and sold on marketplaces on the dark web. Billions of account credentials are compiled into lists and used in credential stuffing attacks. Leaked passwords can sometimes circulate on the dark web within just a few hours.dark web and cybercrime books on Amazon can help you learn about the reality.

How to Protect Yourself

The most effective countermeasure is to use a different random password for each service. Even if one service is breached, the others are not affected. It is also important to regularly check, using services such as Have I Been Pwned, whether your email address is included in any leak lists.privacy protection books (Amazon) are also a useful reference.

Related Terms

Was this article helpful?

XHatena