Breach monitoring emerging as a “double-edged sword”

Anonymous data collectors shed light on past data breaches, but some want to make money out of them

Cyber

By Allie Sanchez

Anonymous internet users are trying to shed some light to past hacking attacks that mostly involve stolen databases by posting details about the attacks online, a recent report said.

Among them is Keen, who runs the website Vigilante.pw, which archives past data breaches to warn the general public. Keen is a data collector who scours the internet for stolen databases, which can involve thousands, even millions of internet accounts. “I figured it would be a good way to raise awareness about breaches,” Keen told reporters. 

However, other sites, including Leakbase and LeakedSource are trying to monetize their breach monitoring activities. While they also list data breaches, the two websites also offer a paid, searchable database of all the accounts they have on file.

In particular, LeakedSource explained that the service was offered to help firms determine whether their users have been exposed in past breaches. It also claims that the information it proffers is already available online and freely available in one form or another.

“These people aren't abusing our services," LeakedSource emphasized. "We are actively turning away people offering money because we couldn't verify what they were going to be using our services for.”
However, another anonymous data collector known as Kali, asks: “Where would you draw the line about bringing breaches to light?”

She explained that a balance should be struck between posting breach information online with protecting the entities that were previously attacked to keep hackers from striking them again.

"That's why I think it's wrong," she said, referring to selling database services based on stolen information.
 

Keep up with the latest news and events

Join our mailing list, it’s free!