Free Dark Web Report from Experian – Part Two

On Monday we started an investigation into the free dark web scan that is being offered by credit agency Experian.  Again, this is NOT Equifax, who breached our information last year.  This is a different credit agency.

When we ran the free scan on Experian, they found three results.  But I knew there was more to find, because I had already performed a similar search a couple times in the past on the well known and popular site  So I performed a new scan there, and this is what they found:

  • Anti Public Combo List from December 2016.  (Looks like a Dark Web rainbow table)
  • URL shortening site Bitly from May 2014.  This is the first time this appeared in a report for me.
  • Daniweb from 2015
  • from 2016 (another rainbow table)
  • Forbes from February 2014.
  • Professional social network LinkedIn from May 2016.  (If you are on LinkedIn, this probably affected you too.)
  • Onliner Spambot from August 2017.  This spambot contained 711 million unique email addresses.  Based on the size of this list, you could be in this one too.
  • Quinstreet from late 2015, a marketing information site.  That’s right, a company that stalks you around the Internet and help advertisers server up personalized ads. Thanks, guys.
  • River City Media spam list from 2017.  This is a small community newspaper group who operates in the area that I live, so a pretty local connection to me.

I decided to try another email address of mine on Experian, and this report came back with no results.  A quick scan on HaveIBeenPwned verified that result.

And again, nothing from the Equifax breach.  What this means is that the perpetrators of that breach are probably sitting on the information trove for a year or so to let the data “cool off” and to let some of the free and paid credit monitoring that people have signed up for expire.  I will be continuing to look for that information to appear on the Dark Web.

On Friday we will finish this series, by looking at what this offering is really all about, and whether is is something you should consider for your own cybersecurity.



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment