Free Dark Web Report from Experian – Part Two

On Monday we started an investigation into the free dark web scan that is being offered by credit agency Experian.  Again, this is NOT Equifax, who breached our information last year.  This is a different credit agency.

When we ran the free scan on Experian, they found three results.  But I knew there was more to find, because I had already performed a similar search a couple times in the past on the well known and popular site  So I performed a new scan there, and this is what they found:

  • Anti Public Combo List from December 2016.  (Looks like a Dark Web rainbow table)
  • URL shortening site Bitly from May 2014.  This is the first time this appeared in a report for me.
  • Daniweb from 2015
  • from 2016 (another rainbow table)
  • Forbes from February 2014.
  • Professional social network LinkedIn from May 2016.  (If you are on LinkedIn, this probably affected you too.)
  • Onliner Spambot from August 2017.  This spambot contained 711 million unique email addresses.  Based on the size of this list, you could be in this one too.
  • Quinstreet from late 2015, a marketing information site.  That’s right, a company that stalks you around the Internet and help advertisers server up personalized ads. Thanks, guys.
  • River City Media spam list from 2017.  This is a small community newspaper group who operates in the area that I live, so a pretty local connection to me.

I decided to try another email address of mine on Experian, and this report came back with no results.  A quick scan on HaveIBeenPwned verified that result.

And again, nothing from the Equifax breach.  What this means is that the perpetrators of that breach are probably sitting on the information trove for a year or so to let the data “cool off” and to let some of the free and paid credit monitoring that people have signed up for expire.  I will be continuing to look for that information to appear on the Dark Web.

On Friday we will finish this series, by looking at what this offering is really all about, and whether is is something you should consider for your own cybersecurity.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.