Skip to content

Are Your Employees’ Credentials on the Dark Web?

Are Your Employees’ Credentials on the Dark Web?

Even if you don’t know what the “dark web” is, you have probably heard the term being thrown around in an ominous way. Perhaps you’ve even seen those videos on Youtube where people tell all sorts of horror stories involving the dark web? If not, don’t bother. Most of them are pure fantasy. However, the dark web itself is a very real place, and it represents the seediest and most criminal part of the internet. It is the online equivalent of a dark, secluded back alley where only criminals dwell.

What Is The Dark Web?

As the name implies, the dark web is a collective term for the hidden parts of the internet. These are the sites that are not available on any standard search engine, although there are specialized engines that can scan the dark web for specific information. Many of these sites will have an URL that ends with “.onion”. If you ever happen to find yourself on a site like this by accident, leave immediately.

The dark web is accessed via a specialized browser called TOR (“The Onion Router”). It is so named because it uses multiple layers of encryption to protect user data. In addition to this, the data is constantly scrambled in the cloud. Thus, it is possible for outside authorities to tell what is being accessed, but they cannot connect that activity to any specific user.

For example, many people use the dark web to sell illegal items like drugs. The authorities can compromise a single node and see what people are selling. However, they cannot connect that criminal sale to a specific user unless that person is foolish enough to post identifying information about themselves. Unfortunately, drugs are just the tip of the iceberg. For instance, some criminals are known to use the dark web for the sale of illegally harvested human organs.

Corporate Credentials On The Dark Web

There are a lot of horror stories about the dark web floating around on the internet. The dark web has been legitimately connected to many horrendous crimes. Today, we are focusing on one of the smaller crimes that are committed on the dark web: The sale of compromised corporate passwords.

For those who know where to look, there are all kinds of stolen passwords for sale on the dark web. These are most often corporate passwords, simply because those are among the most profitable. When some hacker is looking to compromise your system, they might be able to take a shortcut by purchasing the data on the dark web. In some cases, they don’t even bother to use the dark web, instead choosing to use private groups on social media sites.

It’s hard to put a number on covert crimes like these, but this research paper attempts to do so. They estimate that about 15 billion illicit passwords could be found on the dark web at any given time. This includes data from over 100,000 different breaches. The passwords range from relatively harmless things (like Netflix passwords) to high-level corporate accounts that can actually do a lot of damage in the wrong hands.

You might be wondering how much money people are willing to pay for these stolen passwords? Surprisingly, the prices are usually quite low. Even the “best” accounts are unlikely to cost more than $100.00. Low-priority passwords like those for social media and streaming services will often cost less than $10.00.

Are Your Employees’ Credentials On The Dark Web?

When compared to most cyber-threats, this one is relatively easy to counter. The dark web isn’t exactly public, but it can be accessed and searched by anyone with the knowledge to do so. Thus, the networks that allow hackers a way to sell their exfiltrated data can also be their downfall.

Once you know that a set of login credentials has been compromised and placed on the dark web for sale, you can easily change those credentials and make the “merchandise” useless. Still, this does present certain problems for most people. Most of us don’t even have a reason to access the dark web at all.

There are various third-party services and software tools that have been created for the purpose of searching the dark web. These can be used to either scan or monitor all known parts of the dark web. Because the selling of stolen passwords is among the lesser types of crime found on the dark web, these scanning and monitoring tools are quite effective. For those who need a quick and easy solution, the best thing is probably to enroll in a dark web monitoring service.

Proactive Measures

There are certain measures that can be taken before your passwords start showing up on dark web forums. First of all, make sure that everyone is using strong passwords. Brute force attack software can crack a short password (meaning eight characters or less) in minutes or even seconds. Ideally, you want a password with about 20 characters.

In addition to being long, a password should be as random as possible. It should not be a simple sentence compounded together, as this is easy to crack regardless of length. The use of significant dates (like birthdays or anniversaries) is even worse. What you want is a mixture of letters, numbers, and maybe even some symbols for good measure. It’s also important that you never re-use passwords for multiple accounts. If you do, a small breach can quickly snowball into a much larger one. Passwords are only useful if they are both unique and unknown.


Dark web monitoring has become an essential service for anyone with a lot of sensitive data to protect. By keeping an eye on those shady corners, it is possible to detect a breach and take action before serious harm occurs. It just takes a little bit of vigilance and maybe some expert help. To learn more, you can call PCH Technologies at (856) 754-7500.