- Security experts told Business Insider that data obtained by Cambridge Analytica isn’t likely on the dark web.
- But there is a larger problem with how much personal data is exposed online, either by legitimate companies looking to sell ads, or by hackers.
The type of personality data harvested by Cambridge Analytica might allow researchers to predict who someone might vote for, but it pales in comparison to what data advertisers collect or what sensitive data is for sale on the dark web.
“The Cambridge Analytica thing has really resonated with people, but it has pointed out a much larger problem,” Mark Turnage, the CEO of DarkOwl, a cybersecurity firm specializing in the dark web, told Business Insider. “The more websites you use the more careful you have to be, because that data is not only being bought and sold for perfectly legal uses, but it’s also being bought and sold for illegal uses.”
The scope of how much data is being brokered between companies and cyber criminals online has been a concern for privacy advocates for years; everything you do online is tracked some way or another.
“If people really knew how much data was used for companies to learn about them, track them, and sell products to people, they’d probably be a little more careful with their data,” said Corey Milligan, a senior threat analyst at cybersecurity firm Armour.
And that’s just what’s legal. Hackers also use malware to target companies and public institutions that store social security numbers, credit card numbers, bank account information, health records, and login information to various websites.
The marketplace for personal data on the dark web – the part of the internet not indexed by search engines – is so big it’s almost impossible for security researchers to quantify just how many records are out there.
But it’s unlikely the Cambridge Analytica data, which was improperly obtained from 50 million Facebook users, has made its way on the dark web. The UK-based firm used the data internally, so unless hackers stole it from Cambridge Analytica, the data probably isn’t for sale, security experts told Business Insider
Plus, the types of “psychographic” data likely obtained from Facebook – where you live, your likes, dislikes, relationship status, birthday – aren’t as valuable to hackers as the sensitive financial and health records that could be used to steal someone’s identity.
“I haven’t seen psychographic data on the dark net, and the reason for that is because if you think about a criminal who is buying data, their desire is to get access to data that can be immediately monetized,” Turnage told Business Insider.
While social security and credit card numbers might be more dangerous than the data Cambridge Analytica obtained, the consequences of the debacle have been swift and far reaching. The scandal has spawned #deletefacebook, outraged users, caused lawmakers to call on Facebook CEO Mark Zuckerberg to testify, and dramatically dropped Facebook’s stock price.
Turnage said this is due to the divisive political nature of the debacle.
“People don’t like to feel that someone is trying to manipulate them in a particularly underhanded way,” Turnage said. “Campaigns run political ads all the time, that’s part of the process – but stealing data and sending articles to try and influence people’s political opinions crosses an emotional line.”