Dark Web Monitor found that 62% of its users have their data leaked on the dark web
The newest data from NordVPN’s Dark Web Monitor feature shows that the number of breached companies remains high, but the number of users affected by those leaks has decreased 18 times since 2019. However, with the data of nearly two-thirds (62%) of Dark Web Monitor users available on the dark web, the risk of data theft is still very high.
In 2019 the average number of users affected in a breach amounted to 9.3M per incident. In 2022, this number decreased to 497K per incident.
Furthermore, we noticed that the number of large-scale breaches affecting lots of customers has declined. In 2019, around a third of breaches affected more than 1M users. In 2020, this percentage dropped to 18%. In 2021, only 10% of breaches affected millions of users. In 2022, this number is even smaller — 7%.
“On the one hand, this is great news. On the other hand, we don’t see cybercrime slowing down because of those numbers. A recent report by Verizon showed that around 50% of security incidents in 2021 happened due to leaked credentials. So criminals continue to reuse and exploit the data that was leaked on the dark web in the past,” says Daniel Markuson, cybersecurity expert at NordVPN.
Breaches are High in Regularity But Affect Far Fewer Consumers
The researchers at NordVPN analyzed data breaches with a known incident date, which make up around 7% of data breaches. However, this still allows us to see a clear trend — consumers are affected by company breaches much more rarely.
The chart below shows breaches increased from 2012 until 2018, with 2018 and 2019 experiencing a slight decrease. In 2020, the number of breached companies reached a peak because of the Covid-19 pandemic and companies becoming more vulnerable.
Looking at the past two years, the number of attacks on companies remains high. However, most data breaches affected fewer than a million users, potentially because companies invest significant resources into securing their customers.
Below is a graph showing leaked phone numbers and email addresses per incident. While the number of leaked records per incident was very high in 2019 (at least 9.3M users affected per incident), it has dropped 18 times since then.
Users Still Make Themselves Vulnerable with Terrible Digital Hygiene
According to Dark Web Monitor data, 62% of its users have had their data breached on the dark web. But even though the Dark Web Monitor team works hard to alert users — people still choose to ignore the alerts and don’t change their habits.
“Most businesses are doing everything in their power to protect customers’ data. So when companies get hacked, consumer data is rarely affected. But users still have a lot to learn because human error causes 95% of cybersecurity incidents,” says Daniel Markuson, a cybersecurity expert at NordVPN.
Below, Markuson lists the number of ways users can stop criminals from exploiting user data that was leaked on the dark web in the past:
- Practice digital hygiene. Digital hygiene includes changing passwords to your most important online accounts at least twice a year, clearing cookies and browsing history regularly, deleting accounts you don’t use, and enabling MFA.
- Be aware of social engineering attacks. Criminals can find personal details such as your name, address, birth date, and phone number as well as email addresses leaked on the dark web. So when they contact their victims, their emails could sound very trustworthy. Grammar mistakes, strange-looking links, and attachments often reveal that the email is from an attacker.
- Use tools like Dark Web Monitor. Tools likeNordVPN’s Dark Web Monitor leave no room to second guess and inform users if their data was found in a data leak. That way, a person can utilize extra security measures to secure online accounts.
The methodology of the research can be found here:https://nordvpn.com/blog/dark-web-monitor-data-why-are-data-leaks-decreasing/