Free Dark Web Report from Experian – Part Two

On Monday we started an investigation into the free dark web scan that is being offered by credit agency Experian.  Again, this is NOT Equifax, who breached our information last year.  This is a different credit agency.

When we ran the free scan on Experian, they found three results.  But I knew there was more to find, because I had already performed a similar search a couple times in the past on the well known and popular site  So I performed a new scan there, and this is what they found:

  • Anti Public Combo List from December 2016.  (Looks like a Dark Web rainbow table)
  • URL shortening site Bitly from May 2014.  This is the first time this appeared in a report for me.
  • Daniweb from 2015
  • from 2016 (another rainbow table)
  • Forbes from February 2014.
  • Professional social network LinkedIn from May 2016.  (If you are on LinkedIn, this probably affected you too.)
  • Onliner Spambot from August 2017.  This spambot contained 711 million unique email addresses.  Based on the size of this list, you could be in this one too.
  • Quinstreet from late 2015, a marketing information site.  That’s right, a company that stalks you around the Internet and help advertisers server up personalized ads. Thanks, guys.
  • River City Media spam list from 2017.  This is a small community newspaper group who operates in the area that I live, so a pretty local connection to me.

I decided to try another email address of mine on Experian, and this report came back with no results.  A quick scan on HaveIBeenPwned verified that result.

And again, nothing from the Equifax breach.  What this means is that the perpetrators of that breach are probably sitting on the information trove for a year or so to let the data “cool off” and to let some of the free and paid credit monitoring that people have signed up for expire.  I will be continuing to look for that information to appear on the Dark Web.

On Friday we will finish this series, by looking at what this offering is really all about, and whether is is something you should consider for your own cybersecurity.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.