No credit card required
Browse credit cards from a variety of issuers to see if there's a better card for you.
I received an alert saying my email was compromised due to a website breach. I'm just curious how capital one is able to scan the dark web... Does anyone have a hunch?
From my understanding. What they do is take your information and search the internet or any website they consider risky and compiled it into a report for you to view.
All of the monitoring services provide this. Look for password revealed.
email address located is going to be common if you register at sites.
I had a dark web alert a few years back and reset all of my passwords just to be on the safe side based on feedback from forum members here. I also locked my credit as an extra precaution.
Anyone can scan the dark web. There are forums and marketplaces. Hacked info is widely available and frankly mostly useless. For example Cap1 sends me a notice (in 2019) that my email and password was found on the dark web. I click through to their info and it’s my email and password from “Dropbox”, (the data storage site). Well I already knew about this because it showed up in my newsfeed from CNET in 2016 when the hack happened. So 3 years later no one is selling the info on the dark web they are just posing it out in the open for anyone to find. So Cap1 one is sending me old useless information.
Similar thing when they notified me that my LinkedIn password was on the dark web. That hack is also a few years old and I had closed my LinkedIn account down when that hack made the news.
Major hacks make the news, and usually companies will notify you (unless they are a credit bureau, then they will try to keep it a secret until they get caught)
The reason I said mostly is because hacks that can net financial gain are for sale and not open for Cap1 to scrape off a list and notify you. Is Cap1 buying dark web data? Unlikely. That seems like they could get in trouble for that. Let’s say they buy a dark web list and it’s cusomter data from another bank. Ruh-ruh. 🤷♂️
TLDR; they have a bot that is crawling the dark web. It’s not hard to do.
@Anonymous wrote:Anyone can scan the dark web. There are forums and marketplaces. Hacked info is widely available and frankly mostly useless. For example Cap1 sends me a notice (in 2019) that my email and password was found on the dark web. I click through to their info and it’s my email and password from “Dropbox”, (the data storage site). Well I already knew about this because it showed up in my newsfeed from CNET in 2016 when the hack happened. So 3 years later no one is selling the info on the dark web they are just posing it out in the open for anyone to find. So Cap1 one is sending me old useless information.
Similar thing when they notified me that my LinkedIn password was on the dark web. That hack is also a few years old and I had closed my LinkedIn account down when that hack made the news.
Major hacks make the news, and usually companies will notify you (unless they are a credit bureau, then they will try to keep it a secret until they get caught)
The reason I said mostly is because hacks that can net financial gain are for sale and not open for Cap1 to scrape off a list and notify you. Is Cap1 buying dark web data? Unlikely. That seems like they could get in trouble for that. Let’s say they buy a dark web list and it’s cusomter data from another bank. Ruh-ruh. 🤷♂️
TLDR; they have a bot that is crawling the dark web. It’s not hard to do.
That is very informational. Thank you and thank you for everyone who responded!
@Anonymous wrote:I received an alert saying my email was compromised due to a website breach. I'm just curious how capital one is able to scan the dark web... Does anyone have a hunch?
The dark web as you know it is really not as dark as you think it is. The real dark web is actually intermixed with everything else and if you know the right URL(Uniform Resource Locater aka the thing you type in the address bar) you can walk right in most times. Most traffic only travels in the top %1 of the web anyway. Also the only reason a site is on google is because the person in charge has requested that it be listed. If the owner wanted to they can skip listing it or delist it completely. Capitol One can easily keep track of any breach by bot as there are not that meny places that people share breached info at. Now they cannot really keep up with breaches in real time if there is a sale of your info in a closed auction or if the exchange happens in a secured forum but they do what they can and offer it for free so no harm no foul.