On Monday we started an investigation into the free dark web scan that is being offered by credit agency Experian. Again, this is NOT Equifax, who breached our information last year. This is a different credit agency.
When we ran the free scan on Experian, they found three results. But I knew there was more to find, because I had already performed a similar search a couple times in the past on the well known and popular site HaveIBeenPwned.com. So I performed a new scan there, and this is what they found:
- Anti Public Combo List from December 2016. (Looks like a Dark Web rainbow table)
- URL shortening site Bitly from May 2014. This is the first time this appeared in a report for me.
- Daniweb from 2015
- Exploit.in from 2016 (another rainbow table)
- Forbes from February 2014.
- Professional social network LinkedIn from May 2016. (If you are on LinkedIn, this probably affected you too.)
- Onliner Spambot from August 2017. This spambot contained 711 million unique email addresses. Based on the size of this list, you could be in this one too.
- Quinstreet from late 2015, a marketing information site. That’s right, a company that stalks you around the Internet and help advertisers server up personalized ads. Thanks, guys.
- River City Media spam list from 2017. This is a small community newspaper group who operates in the area that I live, so a pretty local connection to me.
I decided to try another email address of mine on Experian, and this report came back with no results. A quick scan on HaveIBeenPwned verified that result.
And again, nothing from the Equifax breach. What this means is that the perpetrators of that breach are probably sitting on the information trove for a year or so to let the data “cool off” and to let some of the free and paid credit monitoring that people have signed up for expire. I will be continuing to look for that information to appear on the Dark Web.
On Friday we will finish this series, by looking at what this offering is really all about, and whether is is something you should consider for your own cybersecurity.