Receive alerts when your data is leaked with this tool

Terbium Labs' Matchlight product searches for stolen data that’s circulating on the black market

If you’re worried that your data might end up in the hands of a hacker, one site is offering a free service that can give you a head’s up.

Baltimore-based Terbium Labs has come up with a product called Matchlight, which crawls the dark recesses of the internet, looking for stolen data that’s circulating on the black market.

On Tuesday, Terbium Labs opened the product to the public. That means any user can sign up to have five of their personal records monitored for free.

For example, a user can plug in his email address, phone number, and Social Security number as one single record and receive an alert if the MatchLight notices any of the details appearing on the internet.

Handing over such personal information to Terbium Labs may set off alarm bells. But the company actually doesn’t store any of that information in its original form. Instead, it creates “fingerprints “of the data through a hashing algorithm done on the client’s own browser.

matchlight Matchlight

The Matchlight dashboard.

“It’s significantly more private,” said Tyler Carbone, COO of Terbium Labs. “We don’t store any original content. We just store the fingerprint.”

Those fingerprints can then be compared with the data Matchlight finds online. The product is constantly searching the Dark Web, including in password protected forums for stolen information that hackers may have leaked or been put up for sale.

The company initially launched a private beta of Matchlight last year, and the product already has a few dozen corporate customers. Its fingerprint method was meant to solve the risk of corporate clients handing over sensitive data to third-party security vendors, Carbone said.

“Matchlight was designed to fill that gap,” he added. “You would much rather find out about leaks in-house, rather than when it appears on the news.”

Terbium Labs is one of several companies offering products that search the Dark Web for potential cyber threats and data leaks. Augusto Barros, an analyst with research firm Gartner, however, called Matchlight "innovative" with its use of a fingerprinting method to ensure the data is kept private. 

The product also contains some automated functions for corporate users. For instance, clients can upload entire documents or source code to Matchlight, which will then search for potential matches, Barros said. 

This can be particularly useful when it comes to detecting company insiders threatening to sell sensitive data online. 

"In that way, you can search for data leaks more efficiently than what other vendors are doing," he said. 

Join the CSO newsletter!

Error: Please check your email address.

More about BaltimoreGartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts