Jaeger, David; Graupner, Hendrik; Sapegin, Andrey; Cheng, Feng; Meinel, Christoph
Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014)
The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.