Researchers have uncovered hundreds of millions of compromised records on the dark web, linked to nearly 800 individual data breaches so far this year.
The findings come from a new monitoring and reporting service launched today by email and VPN provider Proton, in partnership with Constella Intelligence.
The Data Breach Observatory is built on real-time dark web monitoring which scours cybercrime sites for evidence of breached records up for sale.
So far this year, it has recorded more than 300 million such records, linked to 794 incidents, according to Proton. If aggregated datasets are included, the figures rise to 1571 incidents and hundreds of billions of records.
SMBs appear to have been singled out by threat actors this year. Companies with 10-249 employees accounted for nearly half (48%) of all breach incidents, while those with fewer than 10 employees comprised a further 23% of recorded breaches.
Read more about cyber-attacks targeting SMBs: Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
Retail and wholesale trade were the most frequently targeted sectors, accounting for a quarter (25%) of breaches. Next came technology providers (15%), and media and entertainment companies (11%).
The most commonly stolen data found by Proton was:
- Email addresses, featuring in 100% of exposures
- Names (90%)
- Contact information, such as phone numbers or addresses (72%)
- Passwords (49%)
- Sensitive information such as government records or health information (34%)
Lifting the Lid
Proton claimed that its new service will help raise public awareness of the fast-growing market for stolen data, and empower individuals and corporate victims to proactively mitigate the fallout from serious breaches.
In this regard, it may even help to provide early warning signs of an incident before the breached company has discovered or disclosed such information.
“Our mission with the Data Breach Observatory is simple: to reveal unseen breaches and to alert affected businesses and organizations as they happen. This is part of Proton’s drive to empower organizations and individuals with the tools to protect themselves,” said Proton director of engineering, AI & ML, Eamonn Maguire.
“If your credentials are compromised, receiving timely alerts is essential to secure your accounts, prevent identity theft, and minimize financial losses.”
Dark web monitoring of this sort is nothing new. Various vendors offer identity theft services of this sort to individuals and data breach intelligence for organizations.
In January this year, one such company, Cyble, discovered account credentials for 14 cybersecurity providers on the dark web – likely obtained from infostealer logs.
Proton told Infosecurity that the Data Breach Observatory uses a combination of automated tools, curated data feeds and expert human analysts to deliver its findings. Constella continuously monitors various dark web registries where breached information is shared and traded to look for new disclosures.
