Beginning with the Yahoo! breach back in September – where personal information was stolen and presumably published online and/or sold to be used later to attack other online accounts – I was curious to find research that shows the top sources that criminals use to gather business and personal information (both data and metadata) which they can then use for nefarious purposes. As part of this analysis, I wanted to identify both public sites and dark web sites.
Having publically reached out to a variety of folks throughout the industry, I pulled together the material contained in these slides from the following organizations:
- CSID | Adam Tyler, chief innovation officer
- RiskIQ | James Pleger, head of research
- SurfWatch Labs | Adam Meyer, chief security officer
“There has been an explosion in the number of entities offering legitimate lookup services online over the past few years,” says Tyler. “These lookup services range from Social Security number (SSN) search products to address and name verification services – all of which are used by legitimate and illegitimate users to identify and locate individuals both online and off.”
In this slide show, we’ll look at public sources for this valuable information. In a follow-up slide show, we’ll dig into dark web sources.