The Weekly Breach Breakdown Podcast: The Dark Web Myth - Where Does Your Stolen Data Live? - S7E10

Show Transcript

Is the dark web a myth? Where is all of this stolen data being stored? Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for April 3, 2026. I'm Alex Achten, Vice President of Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we review the latest events and trends in data security and privacy. Today, we dive into those two questions. 

First, let’s look at a major law enforcement shutdown last month. Authorities from 14 countries shut down LeakBase, a site that had more than 142,000 members. That made it the world’s largest forums for cybercriminals. According to CyberScoop, law enforcement seized its domains and arrested multiple people allegedly involved in the cybercrime marketplace for stolen data and hacking tools.  

The stolen data, which included debit and credit card numbers, banking account and routing information and credentials for account takeovers, was linked to numerous high-profile attacks.  

Europol, which hosted the coordinated operation in the Netherlands, described LeakBase as a “central hub in the cybercrime ecosystem” that specialized in leaked databases and stealer logs. The website contained more than 32,000 posts and over 215,000 private messages.  

One interesting note about this takedown is that the site was available on the open web, not the dark web. What does this mean? Is the dark web a myth? What about dark web monitoring?  

The dark web is not a myth. There is a hidden portion of the internet that enables anonymous, encrypted communication, making it a hub for the sale of stolen data. However, it is not where cybercrime is exclusively conducted, either. The takedown of LeakBase is just one example of this. Oftentimes, it’s in the open where the sheer volume and velocity of criminal activity make it difficult for law enforcement and cybersecurity teams to keep up. 

As the ITRC reported in our latest Annual Data Breach Report, 2025 was a record year for data breaches, with the United States seeing 3,322 publicly reported compromises. This shows the increase in scale and scope of cybercrimes.  

What about dark web monitoring? Is it worth it? It cannot hurt. It is a cybersecurity measure you can take to detect compromises and mitigate damage. However, you should remember that your information may be publicly available in many other locations, like LeakBase.  

The best thing you can do is protect your personal data.  

- Freeze your credit. This is the single most important thing you can do. It prevents identity thieves from opening new accounts in your name. 

- Secure your online accounts. Use passkeys when they are available. If they are not, use unique 12+ character passphrases for each account with multifactor authentication (preferably with an authenticator app) for an added layer of security.  

- Limit the amount of data you share. Review your privacy settings on social media to make sure they are set to private. Try to avoid sharing personal information on those platforms. 

- Update your software regularly. Updates for operating systems, browsers and applications patch security vulnerabilities.  

- Avoid the unexpected. If you get any emails or text messages you are not expecting that include links, ignore them. Go directly to the source to verify the message is real. The same is true for telephone calls and social media Direct Messages. Don’t engage unless you initiated the contact or you have proof that the person on the other end is a trusted friend or business.  

The ITRC has a cyber hygiene quiz where you can test your knowledge and get tips on the best practices to adopt. To take the quiz, visit our company website, www.idtheftcenter.org, and click the banner at the top titled “Are You Cyber Safe?” Find Out Now! Take Our Quiz.” 

Your stolen data living on the dark web should be taken seriously. With that said, remember, it is on the open web, too. You are your best line of defense. 

If you want to know more about how to protect your business or personal information or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started. 

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts.  

We will return next week with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.