Unmasking the Dark Web

Laptop and padlock. Concept of computer security./Computer securityImage: Laptop and padlock. Concept of computer security./Computer security

Understanding what it is and how we’re here to help

Everyone deserves to feel confident about their finances. We believe that confidence shouldn’t cost money. Fraud is a huge problem that can undermine your financial confidence and cost you a lot of money. In 2017 alone, there were 1.1 million fraud reports costing Americans more than $900 million.

Just as understanding credit scores can be confusing, intimidating, and costly, many people don’t know where to start when it comes to protecting themselves against fraud. It feels vulnerable: how do I know if something about me is out there, and what do I do to get it back? To solve for this, we launched Identity Monitoring, a completely free tool to help consumers monitor fraud and take control of their information. At launch, we found that this problem was more widespread than we’d guessed: more than 50 million Credit Karma members had been involved in another company’s public data breach.

What the heck is a public breach anyway?

A public breach is when a company loses personal information that they were supposed to control and keep safe. After investigation, the company is required to notify those who were impacted. Last year, there were a total of 5,207 breaches worldwide, impacting 7.89 billion data records.

Why does this happen?

Often times, consumers’ personal information is stolen from companies for profit. This stolen information can be sold and used to open accounts in your name or make purchases using your login credentials. But hackers aren’t the only ones responsible. Sometimes companies just accidentally expose information where anybody with the web address can access it.

Does it happen to everybody? No, but two out of three Americans are worried about having their identity stolen. So, we’re building tools and educational resources that enable our members to monitor and protect their identity.

Have you heard of the dark web?

Like public breaches, information leaked on the dark web is lost by a company and made available for others. The difference: dark web breaches are not made public. This is generally the result of an ongoing investigation of a breach or uncertainty about where the personal information came from. For example, Panera Bread and Saks Fifth Avenue both announced they may have lost customer information, but what exactly was lost and who was impacted has not yet been made public.

Image:

We now monitor the dark web for all our members, for free.

This information is hard to track down, and the potential consequences of not knowing are too dire. That’s why we now monitor the dark web for our more than 80 million members. At launch, we found that more than 30 million of our members have had at least one exposed password on the dark web. Login credentials are the most popular pieces of information we found and we want to help all of our members take action to protect themselves.

The higher your score, the more vulnerable you are

One insight we were able to find is that fraud might not affect everyone equally. When looking at the data, we see that the higher our member’s credit score, the more likely they were to have lost their account password(s). We’re not exactly sure why this is the case, but here are two potential causes:

  1. Older individuals tend to have higher credit scores and longer internet histories. If somebody has been active on the internet for 20 years they are more likely to have more accounts, which increases exposure.
  2. Hackers might disproportionately seek information from services that have members with higher credit scores. When information is illegally sold, there is more value to an individual with a higher credit, so it would be in the hacker’s best interest to target their effort.

Both of these are guesses and the answer might be a combination of the two or something else.

How can you defend yourself?

While these statistics may have you more scared than you were five minutes ago, I can assure you that there is plenty you can do and we’re here to help. Credit Karma makes it easy for you to monitor your credit and your identity for free. Combined, these tools help keep you informed about how exposed you are and if your financial health is at risk.

I encourage you to check out our Identity Monitoring feature to see if there’s anything you should be aware of. You can see if your email address is associated with public data breaches or stolen passwords, and get advice on how to protect yourself. Don’t forget to check back in; we will continue investing in our free monitoring service to help you protect yourself.

Identity Monitoring can be found under the resources tab on the web homepage. On mobile, you can locate this feature in your settings. If you believe you have been a victim of fraud already, you can visit the FTC’s guidance on the best next steps.

Adam Boender,

Product Manager

Back to all commentary