Dark Web Compromise FAQs

Question: That is not my current password, I do not use it anymore.

Answer: We provide historical as well as real-time data. At one point in time, there was risk associated with these credentials and there could still be. The password or personal information could be used in a phishing exercise.

Question: That email address is no longer in use or has never been used.

Answer: An email address that is not a valid email within the organization may be a signal that the cybercriminal is attempting a phishing attack on the organization. This is absolutely a reason for concern, as it’s likely there has been an active attempt at an attack.

Question: I have never used that password.

Answer: In most cases when a password is coming up that an individual has never used, they have either forgotten they’ve used it before, someone is testing a password, or someone is creating a fictitious account for fraudulent purposes. The password listed in the report may be the encrypted version and is often easily decrypted. Contact NWG if you have questions about a specific password or wish us to provide the full password over the phone or through an encrypted email.

Question: What does it mean when a password has a long series of random numbers and letters?

Answer: This means the password was published as “hashed” (still encrypted). Hundreds of encryption dictionaries are readily available on the Web, and it is common for these passwords to be “cracked” or decrypted and available on multiple 3rd party websites.

Question: Why should I care if the password is encrypted?

Answer: While initially a breach might include encrypted data, the data is only safe if the encryption key has not been published or provided to the buyer. 164 million records were exposed in the LinkedIn breach for example. The passwords in the breach were stored encrypted, the majority of which were quickly cracked.

Question: The employee no longer works here, why should I care?

Answer: The report includes historical data, and you will see employees who no longer work at the organization. At the very least this should provide the opportunity to make sure all their permissions have been removed.

Question: Where does the data come from?

Answer: 

• Dark Web Chatrooms
• Hacking Sites
• Hidden Theft Forums
• Peer-to-Peer file sharing programs and networks
• Social Media Posts
• Compromised data harvested through Malware
• Command and control (C2) servers

Question: Can I track personal email accounts for compromises?

Answer: We allow tracking for up to five personal email addresses per organization, in addition to all emails on the company domain. Let us know if you need more than five.

Question: Are Cloud storage and websites safe?

Answer: There can be as much risk to your data within a Cloud environment as there is when it resides locally within your own servers.

Question: Can I search the Dark Web myself?

Answer: Yes, however we strongly recommend against browsing the Dark Web. The Dark Web requires the use of a “TOR” browser, and a VPN is recommended. Avoid the Dark Web unless you are a security professional that is familiar with methods to prevent attacks.

Question: Can the data be removed off the Dark Web?

Answer: The simple answer is no. The information is in the public domain now.