AT&T & What is the Dark Web?
Information from 73 million current and former AT&T accounts appears to have been leaked onto the dark web. This announcement was issued by the communications company directly in late March. AT&T is warning that the data set can be used for illegal activity as the information included Social Security Numbers, passcodes, phone numbers, email addresses, full names, dates of birth, and mailing addresses. AT&T went on to reset the passcodes of 7.6 million current customers and is investigating the incident with the help of cybersecurity experts. It is not yet known if the data came from within AT&T or one of its vendors. The company claims they will notify all customers (by email or letter) whose data was leaked and will pay for credit monitoring when applicable.
Few things cause anxiety like finding out that your personal information has been exposed in a data breach and may be available for purchase on the dark web. We are going to discuss the dark web this month. It is increasingly important to know what to do in order to protect yourself from devastating fraud and identity theft. When somebody steals your information and leaks it on the dark web, several things could happen such as: Identity theft, impersonation, financial loss, targeted scams, account takeovers, legal issues, reputational damage, and a drop in your credit score.
The dark web is a hidden network of unregulated websites that provides anonymity and requires specialized software to access. Much of the material found on the dark web is encrypted or otherwise protected. Accessing the dark web itself is not illegal but some of the activity that occurs on the dark web is certainly illegal. Visiting certain sites on the dark web or making certain purchases is illegal which is why most people think of crime when discussing the dark web in comparison to the World Wide Web. There is a hotbed of stolen information on the dark web that includes stolen credit card and banking information, counterfeit money, stolen login credentials, stolen government data, tax account numbers, driver license information, medical records. pirated movies, firearms, and pornography. The dark web is also used for activism, anonymous browsing, journalism, private communication and even whistleblowing. Law enforcement agencies also use the dark web to identify, surveil and shut down criminal activity.
To use the dark web, it is recommended that you install a VPN (Virtual Private Network) and download a dark web browser – most people use Tor (The Onion Router) or I2P (The Invisible Internet Project.) Tor works by sending encrypted traffic through layers of relays around the globe as it hides content, hides the sender and their location. Fun fact: No one really knows when the actual dark web first emerged, but the Tor browser was initially developed by the US Navy. Its goal was to allow ships to communicate with each other and their bases without revealing their location.
LifeLock from Norton warns us that if you visit dark web websites without knowing what you are doing, you may experience legal consequences. Governments around the world are cracking down on dark web marketplaces. You may find yourself exposed to malware infections, get scammed out of money or face possible blackmail. Other users in the dark web can leak your personal information and steal your identity. Many experts suggest that visiting the dark web is not worth the risk for the average user. You may be able to buy legitimate products and services on the dark web, but anonymity works both ways. If you pay for something and it never arrives, you may not be able to track down the seller to get your money back. The dark web is a popular place for scammers and given its relationship with crime, there are Internet Service Providers (ISPs) and other companies that automatically block Tor traffic.
The bottom line: All 50 states currently have some form of data breach legislation on the books that detail notification requirements on how a business or a government must inform those affected of a data breach. Companies are collecting more of Americans’ data than ever before, and it is often legally sold and resold through data brokers. Commercial data brokers and other companies can sell this data to other countries or companies controlled by foreign governments. This sale of Americans’ data raises significant privacy and security risks especially for those in the military or those in the national security community. Half of all Americans believe their personal information is less secure than it was five years ago. The United States lacks a single, comprehensive federal law that regulates the collection and use of personal information. The government has approached privacy and security by regulating only certain sectors and types of sensitive information.
This AT&T breach has affected one in five Americans. An AT&T customer from Ohio has already launched a class-action lawsuit against the carrier for failing to implement industry-standard cybersecurity procedures to protect sensitive and valuable personal information. The lawsuit notes that cyber criminals may have been circulating stolen AT&T customer data as far back as 2021. The lawsuit is also urging the court to force AT&T to pay damages, monetary relief and pay for lifetime credit monitoring to the affected consumers.
Security experts continue to emphasize that you should place a credit freeze with each of the national credit bureaus to restrict access to your credit report. It can help prevent thieves from opening new credit cards or taking out loans in your name. A credit freeze cannot stop all criminal activity. If identity thieves have gained access to your credit card account, they can use your card to make fraudulent purchases. It is imperative to monitor your bank and credit card statements regularly. Thieves will use stolen credit cards and test the water by making a small transaction amount. Any suspicious activity needs to be reported immediately. With any major data breach, remember to be mindful of phishing scams. Bad Actors claiming to be AT&T will start their phishing campaigns. They undoubtedly will ask you for your personal information. Stay on alert.
You can purchase identity theft protection and dark web monitoring for a fee. For example, LifeLock from Norton claims “To provide wide-ranging monitoring and alerts, making it useful if you don’t have the time or desire to monitor your own credit accounts for suspicious activity.” It searches the dark web for your data. Dark web monitoring services scan hundreds of thousands of websites each day to look for personal information. Norton, Identity Guard, Aura, Google One, Last Pass, ID Shield, Identity Force, Experian are a few of the monitoring services found online. Some credit card issuers also offer identity protection to their cardholders.
Recognize however, that even the best identity theft protection cannot prevent a data leak. These scanning services do not remove stolen data from the dark web, they only alert you if any personal data is found. What these service providers do not tell you is that many of the stolen credentials that get reported on have already been abused, used, and resold multiple times. It is already too late for the user to do much about their stolen data. No dark web monitoring tool can catch a hack or breach as soon as it happens, and it is impossible to scan the whole dark web for your information. It goes without saying, security should be a regular part of your online routine. Use strong passwords, enable two-factor authentication, make sure your antivirus protection is up to date and run security scans on all your devices. Monitor your financial statements and unfortunately, your credit reports as well.
Two Techs – your locally owned computer support company. Find Two Techs on the web at www.twotechs.com or email us at: support@twotechs.com or call 352-200-2365. USF, MIS, MCP, A+, Network+ & CISSP
(References used Washington Post, Bleepingcomputer, Chase, Digital trends, ZDnet, Computerworld, Lifelock, TechCrunch, Money, Forbes)