Close Menu
Savannah HeraldSavannah Herald
    • Home
    • News
      • Local
      • State
      • National
      • World
      • HBCUs
    • Events
    • Directories
    • Weather
    • Traffic
    • Jobs
    • Sports
    • Politics
    • Lifestyle
      • Faith
      • Senior Living
      • Health
      • Travel
      • Beauty
      • Fashion
      • Food
      • Art & Literature
    • Business
      • Real Estate
      • Entertainment
      • Investing
      • Education
    • Guides
      • Back to School Savannah
      • Summer Camp Guide
      • Juneteenth Guide
      • Black History Savannah
      • MLK Guide Savannah
    We're Social
    • Twitter
    • Facebook
    • YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Trending
    • The Cure’s Robert Smith Slams World Cup Final Halftime Show
    • Steel pull off first trade in league history, lose sixth straight
    • Vision Benefits in GA With Complement Inhibitor, Regardless of AMD, Anti-VEGF
    • How Steven Bartlett Went From College Dropout to Media Mogul
    • ESPN Extends MEAC-SWAC Challenge Through 2032
    • Packer Devonte Wyatt hosts youth football camp in Decatur
    • Flying To Miami? Here’s Whether To Use MIA or Fort Lauderdale (FLL)
    • African states must protect their citizens from xenophobia and discrimination in South Africa
    Facebook X (Twitter) Instagram YouTube
    Login
    Savannah HeraldSavannah Herald
    Savannah HeraldSavannah Herald
    Home » Your passwords have probably been stolen and sold on the dark web
    Health

    Your passwords have probably been stolen and sold on the dark web

    Savannah HeraldBy Savannah HeraldAugust 28, 20257 Mins Read
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Your passwords have probably been stolen and sold on the dark web
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Health Watch: Wellness, Research & Healthy Living Tips

    Key takeaways
    • Breaches are widespread; Have I Been Pwned reveals many compromised accounts, while paid tools dig deeper into leaked records.
    • Reusing passwords enables automated attacks that access multiple sites; email account takeover is especially damaging.
    • Stolen credentials are sold and resold on the dark web; services like DeHashed can expose actual passwords.
    • Hackers with account access can reset passwords, steal payments, and scam contacts via believable messages from real accounts.
    • Experts like Rory Hattingh and Anish Chauhan recommend unique passwords, a password manager, and regularly checking breach services.

    Hackers are after your personal data, for profit

    EThamPhoto/Alamy

    Make sure you use a good mix of characters. Avoid your pet’s name. Most of all, never reuse a password. We all know the rules for ensuring that the keys to our digital kingdoms remain secure, and we probably all break them – and that is when hackers sweep in to make money from selling your data.

    Marketplaces for stolen personal data thrive on the dark web, sites that lie beyond the borders of the regular internet and can only be accessed through software such as Tor, which was originally designed by US intelligence agencies for covert communications. Not everything there is nefarious – BBC News runs a dark web site for people living under oppressive surveillance, for instance – but a lot of it is.

    To find out more, I turned to Rory Hattingh, an ethical hacker at a company called Evalian, who spends his time breaking into companies – legally – to test security. He tells me there is an “exceptionally small” chance that none of my private data has been leaked by hackers. I have written about technology for long enough to understand how prevalent data breaches are, but being confronted with the stark reality that this includes me is admittedly a bit of a wake-up call.

    Hattingh begins by showing me a website called Have I Been Pwned (a slang term meaning that your data has been compromised), which compiles usernames and passwords shared on the dark web into a single searchable database. I entered my email address and, worryingly, found it had been caught up in 29 hacking attacks.

    The most recent happened in 2024, when the Internet Archive was attacked and my email and password were leaked. My details had also been part of 122 gigabytes of user data scraped from thousands of Telegram channels, as well as a database called Naz.API that was originally posted to a hackers’ forum. Other attacks listed involved stolen postal addresses, job titles, phone numbers, IP addresses, password hints and dates of birth from services including Adobe, Dropbox and LinkedIn.

    In theory, these leaks are of limited value: if LinkedIn, say, is hacked and your username and password are leaked, then that doesn’t affect your Facebook account. That’s unless, of course, you are one of the more than 60 per cent of people who use the same password over and over and over again. In that case, hackers can take these details and leap around the internet, using it anywhere they can think of – usually in a lightning-fast, automated way. Then, says Hattingh, “you’re in a lot of trouble”.

    This could include online shopping with your stored payment details, PayPal account or cryptocurrency wallets. Getting access to one account can also help gain entry to others, with email being the jackpot. Once you can send and receive emails from an account, you can reset passwords and break into all manner of other websites, not to mention household billing accounts and perhaps even online banking. Hackers with access to social media or email accounts can also attempt to defraud friends and family with fake tales of emergencies that require a quick bank transfer. The fact that these are coming from a real account gives these tricks an air of plausibility that can be enough to overcome suspicion until it is too late.

    To make matters worse, although some companies that suffer hacks are swift to inform people and urge them to change their passwords, others can be more sluggish, leaving people vulnerable for months or even years. Hattingh says that in a previous job, for unnamed clients, he would see ransomware attacks that came and went with little panic. These attacks see the victim’s data being encrypted and held to ransom, rendered useless unless you pay the hacker for the password – but increasingly, some companies just see this as the cost of doing business.

    “These companies would get hacked two, three times a year,” says Hattingh. “They’ve got a slush fund for when things go wrong. They pay up and carry on with life. And this is happening all over the world, all the time.”

    As concerning as it was to see my personal data out in the open like this, records on Have I Been Pwned are akin to the mechanically reclaimed meat you might find in chicken nuggets. Hattingh says the premium steak of personal data comes when sophisticated hackers first breach a website and steal a fresh haul to sell on to others, who profit from exploiting it. Once those first buyers have extracted what they can, the data will be sold on again and again. Once the most profitable bits of data have been picked out, the rest may end up being released for free on a hackers’ forum, Telegram channel or some other dark corner of the web, where Have I Been Pwned also picks it up.

    Working my way up the food chain, Hattingh then showed me a paid-for service called DeHashed that offers not only a broad description of breaches like Have I Been Pwned does, but also their actual contents, including passwords. The name of the service refers to the common security process of “hashing”, or obscuring a password to stop it being copied. Dehashing, of course, strips this away. What I thought was the worst case, but I now realise is actually the norm, turns out to be true: at least one of the passwords listed alongside my email address is both familiar and current. In theory, there had been nothing to stop hackers – or anyone with a passing interest – logging into at least one of my online accounts.

    DeHashed is a paid service, costing $219.99 a year, which purports to be for “law enforcement agencies and Fortune 500 companies”. I contacted the company to ask if they are concerned that their tool, which admittedly only collates details leaked elsewhere, could be useful for hackers as well as security workers. I received no response.

    I decided I had to go deeper into the dark web. I spoke to Anish Chauhan at Equilibrium Security Services, who showed me the results of a search performed by his team’s bespoke software, which crawls even wider and deeper than the commercial tools I had seen so far. He had found 24 passwords linked to my online accounts.

    “Users might say, ‘I’ve got a 200-character password, no one’s ever gonna brute force that’,” says Chauhan. “But say they then use that on every single website they use. It kind of makes it irrelevant really, because it’ll eventually get breached. As humans, we just take the path of least resistance, you know?”

    Chauhan says the solution is relatively simple and that we have all heard it before: use a different password for every single account. Having seen how my details have been widely shared, it becomes starkly clear why this is important.

    The thing is, the tools to make this easy are already there – most modern devices and internet browsers should come with a password manager that generates random strong passwords and remembers them all for you. If you are concerned that your passwords have already leaked, it might be worth checking out Have I Been Pwned or paying for more extensive services that scour the nefarious regions of the internet for evidence of a leak.

    In recent years, I have used a password manager to generate strong passwords and organise them for me, but I realise that some services I have used for a long time have been allowed to fester with old and hacked logins. I spend an evening rectifying that, not least because I want to be prepared before this article is published.

    But I’m not beating myself up too much. Faced with endless demands to come up with new login details, it is no wonder we sometimes take the easy way out. I am certainly not alone in doing so.

    “I’m a pretty tech savvy person, and I barely change my passwords,” says Hattingh. “For work, I change it, but in my personal life, I’m a little bit more lazy.”

    Topics:

    Read the full article on the original source


    Related Posts

    • Rivalry Week: Savannah State Faces Edwards Waters | Savannah Herald
    • ‘Grandpa Thinks It’s the 1960s’: White Man Caught on Video Using N-Word with Hard ‘R’ Sparks Backlash Online and Condemnation from New York Restaurant
    • 10 Purple Gem stones for Critically Regal Vibes
    • Airbus Is Ordered to Inspect 16 Jets After Cracks Are Found in Wings
    • Is cursive writing still taught in Georgia schools?
    • 9 Shirley Horn Songs That Showcase Her Timeless Jazz Genius. – ThyBlackMan.com
    • 5 Takeaways from “The Plastic Detox” on Netflix That We Can’t Ignore
    • THE BEST LOW-HEELED SANDALS FOR SUMMER
    Disease Prevention Fitness and Nutrition Fitness Trends Health News Health Policy Healthcare Innovation Healthy Habits Healthy Living Immune Health internet Lifestyle Medicine Medical Breakthroughs medical research Men's health Mental Health Awareness Nutrition News Public health Security Self-Care Strategies Stress Management Wellness Tips Women's health
    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Savannah Herald
    • Website

    Related Posts

    Health July 19, 2026

    Vision Benefits in GA With Complement Inhibitor, Regardless of AMD, Anti-VEGF

    July 19, 2026

    How to pack a cooler (because you’re probably doing it wrong)

    Health July 18, 2026

    Safety fears limit Ebola response in Congo, with more than 12 attacks recorded

    Health July 18, 2026

    Watch: ‘Robust’ Primary Care, Transparency Top Employers’ Reform Wish List

    Health July 18, 2026

    Cyclospora Investigation Turns to Farms in Mexico

    Health July 17, 2026

    Insurers Hedge on Trump-Backed Pledge To Improve Denials Process

    Comments are closed.

    Don't Miss
    Health August 28, 2025By Savannah Herald04 Mins Read

    BIAB Nails Are the Longer-Lasting, Good-for-Your-Nails Alternative to Gel and Shellac

    August 28, 2025

    Health Watch: Wellness, Research & Healthy Living Tips Gel, acrylics, and shellac, step aside. If…

    Seasonal Switch 2 sales show significant slowing as annual cycle sunsets

    April 20, 2026

    Crispy Tofu Banh Mi With Pickled Veggies

    August 28, 2025

    A Life Led by Intentionality

    August 28, 2025

    Men’s Basketball Announces 2026-27 Signing Class

    July 4, 2026
    Archives
    • July 2026
    • June 2026
    • May 2026
    • April 2026
    • March 2026
    • February 2026
    • January 2026
    • December 2025
    • November 2025
    • October 2025
    • September 2025
    • August 2025
    • July 2025
    • June 2025
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    Categories
    • Art & Literature
    • Beauty
    • Black History
    • Business
    • Climate
    • Culture
    • Education
    • Employment
    • Entertainment
    • Faith
    • Fashion
    • Food
    • Gaming
    • Georgia Politics
    • HBCUs
    • Health
    • Health Inspections
    • Investing
    • Lifestyle
    • Local
    • Lowcountry News
    • National
    • National Opinion
    • News
    • Politics
    • Real Estate
    • Senior Living
    • Sports
    • State
    • Tech
    • Traffic
    • Transportation
    • Travel
    • World
    Savannah Herald Newsletter

    Subscribe to Updates

    A round up interesting pic’s, post and articles in the C-Port and around the world.

    About Us
    About Us

    The Savannah Herald is your trusted source for the pulse of Coastal Georgia and the Low County of South Carolina. We're committed to delivering timely news that resonates with the African American community.

    From local politics to business developments, we're here to keep you informed and engaged. Our mission is to amplify the voices and stories that matter, shining a light on our collective experiences and achievements.
    We cover:
    🏛️ Politics
    💼 Business
    🎭 Entertainment
    🏀 Sports
    🩺 Health
    💻 Technology
    Savannah Herald: Savannah's Black Voice 💪🏾

    Our Picks

    Legendary Jazz Musician, Sonny Rollins, Has Passed Away

    May 27, 2026

    Understanding Medigap’s Foreign Travel Benefits: What’s Really Covered?

    June 8, 2026

    Chicago’s Mayor Claps Back at Trump Deeming the City the Next ICE Target

    August 28, 2025

    Savannah Charter School Approved for Local Students

    June 28, 2026

    Payment Options for Individuals Who Owe Past-Due Medicare Premiums

    March 24, 2026
    Categories
    • Art & Literature
    • Beauty
    • Black History
    • Business
    • Climate
    • Culture
    • Education
    • Employment
    • Entertainment
    • Faith
    • Fashion
    • Food
    • Gaming
    • Georgia Politics
    • HBCUs
    • Health
    • Health Inspections
    • Investing
    • Lifestyle
    • Local
    • Lowcountry News
    • National
    • National Opinion
    • News
    • Politics
    • Real Estate
    • Senior Living
    • Sports
    • State
    • Tech
    • Traffic
    • Transportation
    • Travel
    • World
    Copyright © 2002-2026 Savannahherald.com All Rights Reserved. A Veteran-Owned Business

    Type above and press Enter to search. Press Esc to cancel.

    Manage Consent
    To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}
    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.

    Sign In or Register

    Welcome Back!

    Login below or Register Now.

    Lost password?

    Register Now!

    Already registered? Login.

    A password will be e-mailed to you.