Security guidance for dark web leaks (ITSAP.00.115)

Data breaches can be stressful. Finding out that your organization's credentials were leaked to the dark web can make the situation worse. This publication provides actions to take if you discover the presence of your organization's credentials on the dark web. The following actions will help your organization reduce the risk of information being leaked to the dark web.

How the dark web works

The dark web is a part of the Internet consisting of hidden sites that are not indexed, meaning that they are not visible to conventional search engines. Instead, the dark web can only be accessed through specific browsers that provide increased privacy and anonymity while browsing the Internet.

Using the dark web is legal and there are many benefits to it, including increased security measures and the ability to access ad-free search engines. Despite the increased privacy measures that the dark web offers, it can also provide anonymity to users looking to host or spread content with malicious intent.

Cyber threat actors may use the dark web to anonymously buy and sell illegal market goods and services, including illegal content, firearms, and personal data. Threat actors often target businesses to steal customer and employee data, as well as proprietary information. If your organization's compromised data is found on the dark web following a data breach, it may result in substantial risks, including:

  • reputational damage
  • financial losses
  • legal consequences

Reduce the risks of dark web leaks

Any access to the Internet can create vulnerabilities for your organization that may be exploited by threat actors. Promoting cyber security awareness in your organization is crucial for the safety of your network and systems. Among other benefits, it can significantly reduce the risks of stolen credentials.

You should provide employees with adequate training on cyber safety and educate them on their role in protecting your organization's network and information. Your employees should understand account security measures, such as:

  • the importance of maintaining safe password practices
  • the benefits of multi-factor authentication (MFA)
  • how to handle sensitive information
  • using safe Wi-Fi practices

Implement cyber security measures

Your organization can take the following actions to reduce the risk of stolen credentials:

  • Use firewalls, antivirus software, and intrusion detection and prevention systems to protect your network and systems
  • Update and patch all software and systems regularly
  • Encrypt sensitive data
  • Implement strong access controls and privilege principles
  • Develop an incident response plan

For more information on these and other tips for how to increase your cyber security posture, consult our Cyber security hygiene best practices for your organization (ITSAP.10.102).

What to do when your credentials have been exposed

It could take your organization several months to find stolen information or credentials on the dark web. If you're aware that your organization's credentials have been leaked to the dark web, take the following actions to minimize the impact.

Contact your IT department

They will do a thorough scan for viruses, malware and other tools used by threat actors to evaluate the extent of the breach. They will also look for suspicious activity that may confirm whether the threat actors have maintained access to your network. For additional assistance, contact your relevant service providers.

Protect your assets

Ensure your antivirus software is up to date and perform thorough security scans on all devices. Isolate any compromised devices by:

  • disconnecting them from the Internet
  • turning on airplane mode
  • turning off networking and Bluetooth capabilities
  • revoking access to any third-party applications or services connected to the compromised accounts
  • reviewing and managing application permissions

Change your passwords

Threat actors may use your passwords to gain unauthorized access to other accounts, especially those with administrative privileges. To prevent unauthorized access to your networks and information, all passwords should be changed, and old passwords should never be reused.

A password manager can help you create and store complex and accessible passwords and passphrases. However, these tools present some risks to users' information. We recommend researching different vendors to make an informed choice about which is right for you. You should also consult your IT department to create a recovery plan.

Turn on multi-factor authentication

MFA adds an extra layer of security to protect your accounts, networks and devices. To provide additional security measures for your accounts, MFA uses a combination of two or more methods of authentication, such as:

  • passwords
  • email
  • text codes
  • fingerprints

Promote internal awareness in your organization

Your organization should ensure that employees are informed of compromised credentials. Employees should change their own credentials to prevent unauthorized access to networks and information.

Review your financial accounts

Carefully review any financial accounts linked to or logged in from your devices. Notify a credit bureau of any unauthorized use and ask them to remove fraudulent items from your credit report. Freeze any compromised accounts to prevent threat actors from opening new accounts or taking out loans.

Report the incident

The Privacy Act governs the Government of Canada. However, private sector organizations are governed by the Personal Information Protection and Electronic Documents Act and are required to do the following in the event of a data breach:

  • Report any data breach involving personal information that poses a risk of significant harm to individuals to the Privacy Commissioner of Canada
  • Notify individuals affected by the breach
  • Retain records related to the breach
