Nearly two-third of users’ data available on dark web, shows study

The number of personal data breaches has increased dramatically in the recent years. A recently released data from virtual private network (VPN) provider NordVPN’s Dark Web Monitor notes that nearly two-third (62%) of users have had their data breached on the dark web, which refers to encrypted online content that is not indexed on conventional search engines. 

Dark Web Monitor is a cybersecurity feature of NordVPN that runs in the background to help you prevent hackers from exploiting user account information leaked to the dark web. 

The data from NordVPN’s Dark Web Monitor also shows that while the number of breached companies remains high, the number of users affected by those leaks has decreased 18 times since 2019. For instance, in 2019 the average number of users affected in a breach amounted to 9.3 million per incident. In 2022, this number decreased to 497,000 per incident. 

This means hackers are readily gaining access to user data during a data breach, and are using it to steal users’ money or identity. A report published by cyber security firm Kaspersky in June this year showed that cyber criminals may even sell or trade information on the dark web for anywhere between $1 to $2,000. 

Cybersecurity expert at NordVPN do not see cybercrime slowing down anytime soon. “Cyber criminals continue to reuse and exploit the data that was leaked on the dark web in the past,” said Daniel Markuson, cybersecurity expert at NordVPN. 

He mentioned that in 2020, the number of breached companies reached at a peak because of the Covid-19 pandemic and companies becoming more vulnerable. “What’s worse, most companies don’t protect their sensitive data or have traditional security approaches that are largely ineffective, making them vulnerable to cyber-attacks,” Markuson said.  

Looking at the past two years, the number of attacks on companies remains high. However, most data breaches affected fewer than a million users, potentially because companies invest significant resources into securing their customers. 

“Most businesses are doing everything in their power to protect customers’ data. So, when companies get hacked, consumer data is rarely affected. But users still have a lot to learn because human error causes 95% of cybersecurity incidents,” said Markuson. 

The Data Breach Investigations Report published by US-based tech company Verizon in July this year showed that around 50% of security incidents in 2021 happened due to leaked credentials through third-party breaches, phishing attacks, basic web application attacks and system intrusions. 

The report further noted an almost 30% increase in stolen credentials since 2017, and said that “keeping track of stolen credentials is the most tiresome job of security professionals in the last four years”.