Think critically when news outlets report about private data “showing up on the dark web,” because it probably doesn’t mean what you imagine.
Here’s Troy Hunt, a security researcher, writing on TroyHunt.com:
When I hear most folks talk about the “dark web”, I get the distinct impression that they’re thinking about an IRL equivalent; it’s like going down to the docks late at night where you come face to face with shady characters who, on a whim, may cave your head in with a baseball bat.
Hunt goes on to show that the dark web is largely innocuous, allowing people to communicate anonymously. And the criminal portions of the dark web offering personal information for sale? They’re largely re-selling stuff you could easily find using torrents or simple Google searches. In one case the leaked data was publicly available on Reddit four days before someone tried to sell it—only for the media to breathlessly report about it “showing up” for sale on the dark web.
So why do news outlets and security companies play up the dark web so much? Because it sells. Here’s Hunt again:
Every time you see the words “dark web” used, ask yourself this question: what is the emotion the publication wants you to feel? Do they want you to feel scared? Will they sell more security things if you do? Will you be more likely to click through, read the story and become part of the ad monetization campaign? Yes? Then it’s probably FUD.
The entire piece is worth a read, and it starts with a great teardown of scaring looking hacker clip art used by websites (including this one) to drive clicks.