Pwned: Exposed on the Dark Web
“Pwned” is a deliberate typo for the word, “Owned”. “To Pwn” has its roots in the computer games world; it means to beat someone comprehensively.
Email addresses on the dark web are available to hackers and spammers. At the very least you’ll be getting unwanted emails. The worst case: you’re on the way to getting your identity stolen.
A President Pawned
Yesterday I received an email from the president of an organization for which I do voluntary work. It said, “Do you have a moment I have a request I need you to handle discreetly. I am going into a meeting now, no calls so just reply my email.”
I checked the email address and, needless to say, it wasn’t from the president at all.
Since the committee members all received a similar mail, my first thought was that someone has hacked the account. However, it’s easy to check, so I did.
Pwned in Data Breaches
A “data breach” is where information has been exposed to public view, either intentionally or not. Turns out that the president’s email address was exposed in two data breaches, now available on the dark web.
president@ First Breach
The first was back in 2017, when the address was used by the previous president. This may have exposed the email address and password. I say, “may”, because it may be just the email address that’s exposed, without the password.
president@ Second Breach
The second is more serious and more recent: February 2019. Whilst it doesn’t include email addresses, it does have dates of birth, employers, genders, geographic locations, IP addresses, job titles, names, phone numbers, physical addresses. An email validation service, verifications.io, was hacked. To check an email address is valid, services like this comb all public records to build a comprehensive profile of the person behind the address.
Personal Data Available on the Internet
You’d be surprised how much of your personal data is available to on the internet. Records may be public, such as Companies House, the electoral roll, telephone directories, even on your own website. Or easily accessed, like Facebook and LinkedIn. Or may be given securely, in good faith, and then sold under the cover of small print, a practice used by some DNA profiling websites, for example.
Check Your Own Data Breaches
Check your email address at Have I Been Pawned. Enter your address here, and it’ll scout the dark web and list data breaches that contain it. Check all your addresses if you have more than one.
Check regularly using their monitoring service, which sends alerts to your inbox if it spots any of your addresses on the dark web.
Protect Your Identity
- change your password on any breached websites, or delete your accounts
- make sure your anti-virus software and firewall are always up to date
- use strong passwords (HM Government has tips for staying safe online)
- use a Password Manager to generate, save and protect strong passwords (free password managers here)