It is difficult to keep up with the vast number of cyberattacks and data breaches that seem to occupy every news cycle. It can be exhausting to track which websites have accidentally compromised data and which passwords need to be changed. Even brick and mortar transactions can lead to a loss of sensitive information such as credit card details. Unfortunately, the frequency with which data becomes compromised does nothing to lessen the seriousness of the potential consequences. Cybercriminals are counting on fatigue and waiting to steal money, abuse victim’s credit, and possibly even assume their identities. It is frighteningly easy for information to be bought and sold as part of the dark web’s estimated $1.7 billion dollar industry. While this is cause for significant concern, there are simple steps that everyone can take to improve their cybersecurity and minimize the damage in the event that their data is used fraudulently.
What Happens to Data After It’s Been Breached?
A recent RSACTM 2025 webcast, From Hack to Sale: The Journey of Stolen Data details the ways victim information is bought and sold on the dark web. Matthew Maynard, Analyst and Security Incident Response III at BJC, takes on the role of cybercriminal and walks the audience through the websites and forums that hackers use as a means for transactions. After exfiltrating the data from a secure source, the first step is to join a forum and advertise the information for sale. These forums operate similarly to most regular forums with posts, announcements, lounges, and moderators.
After creating an account, the data is used to build a post in the marketplace. This is where dark web forums deviate from standard sites. As Maynard explains, “Marketplace = seller’s paradise. Selling anything from stolen credentials, databases, VPN credentials, and more.” After posting, sellers reach agreements with interested parties who typically pay through one of two methods. Due to the reasonable suspicion of unscrupulous behavior on the part of both buyer and seller, a third-party escrow service is often employed to ensure that the buyer is satisfied before releasing payment to the seller. The other payment method is a credit system that is specific to the website. Credits can either be bought with bitcoin or earned through participation such as posting or replying to others’ posts. After payment is made, the stolen personal information is now in the hands of another bad actor who is looking to exploit victim information. As Maynard explains, “That’s how much your life is worth on the dark web - just a few credits.”
Four Ways to Protect Personal Information (even if it’s been part of a data breach)
While it can be discouraging to see how simple it is for data to change hands from one bad actor to another, there are steps that everyone can take to safeguard their personal information and minimize the damage in the event of a breach.
1. Change Passwords Regularly. Good password maintenance is a fundamental aspect of cybersecurity. It is important to use unique, strong passwords for every account. While there are no hard and fast guidelines concerning how regularly users should change their passwords, Hugh Thompson, Executive Chairman at RSAC, changes his every six months as a “deep-clean of his identity.” It is also recommended to use a password manager and enable two-factor authentication whenever possible.
2. If data’s been compromised. File an online report with the Internet Crime Complaint Center (IC3) - Unfortunately, it is a matter of when, not if, information will be compromised in a data breach. If information is used fraudulently, it is important to notify the Internet Crime Complaint Center. By filing a complaint, victims are helping the FBI to recognize trends in cybercrime and alerting them to novel attacks. This will enable them to respond more quickly and efficiently and provide greater cybersecurity for everyone.
3. Visit IdentityTheft.gov. In addition to reporting to IC3, it is also important to notify the Federal Trade Commission in instances of identity theft. Not only will reported information help them better prepare to fight cybercrime, it will also provide them with the necessary information to help victims build a personalized plan to recover from identity theft and monitor their progress along the way.
4. Restart mobile devices. Even the most cybersecurity savvy individual can accidentally click on a spam link from time to time. This can give threat actors access to a mobile device, “but restarting your phone can essentially kick them out,” says Thompson. He automates the task to take place during sleeping hours.
Security Is Everyone’s Responsibility
Instances of cybercrime continue to soar due to their profitability. Criminals are constantly adapting to rapid advances in technology in ways that allow them to attack a greater number of targets in shorter periods of time. It is important that everyone does their part to create a safer, more secure digital world that discourages these bad actors and prevents them from gaining footholds that can be used to gain access to sensitive information.
The best way to stay ahead of cybercriminals is by staying up-to-date on the latest approaches such as Romance Scams, in which attackers will try to create an emotional connection with their victims by falsifying shared experiences. This approach “is scamming 101 and it’s super effective,” according to Petros Efstathopoulos, Vice President of Research at RSAC. To read more from Efstathopoulos and to stay up to date on everything cybersecurity related, visit the full library at RSAC.