If you’re worried that your data might end up in the hands of a hacker, one site is offering a free service that can give you a head’s up.
Baltimore-based Terbium Labs has come up with a product called Matchlight, which crawls the dark recesses of the internet, looking for stolen data that’s circulating on the black market.
On Tuesday, Terbium Labs opened the product to the public. That means any user can sign up to have five of their personal records monitored for free.
For example, a user can plug in his email address, phone number, and Social Security number as one single record and receive an alert if the MatchLight notices any of the details appearing on the internet.
Handing over such personal information to Terbium Labs may set off alarm bells. But the company actually doesn’t store any of that information in its original form. Instead, it creates “fingerprints “of the data through a hashing algorithm done on the client’s own browser.
“It’s significantly more private,” said Tyler Carbone, COO of Terbium Labs. “We don’t store any original content. We just store the fingerprint.”
Those fingerprints can then be compared with the data Matchlight finds online. The product is constantly searching the Dark Web, including in password protected forums for stolen information that hackers may have leaked or been put up for sale.
The company initially launched a private beta of Matchlight last year, and the product already has a few dozen corporate customers. Its fingerprint method was meant to solve the risk of corporate clients handing over sensitive data to third-party security vendors, Carbone said.
“Matchlight was designed to fill that gap,” he added. “You would much rather find out about leaks in-house, rather than when it appears on the news.”
Terbium Labs is one of several companies offering products that search the Dark Web for potential cyber threats and data leaks. Augusto Barros, an analyst with research firm Gartner, however, called Matchlight "innovative" with its use of a fingerprinting method to ensure the data is kept private.
The product also contains some automated functions for corporate users. For instance, clients can upload entire documents or source code to Matchlight, which will then search for potential matches, Barros said.
This can be particularly useful when it comes to detecting company insiders threatening to sell sensitive data online.
"In that way, you can search for data leaks more efficiently than what other vendors are doing," he said.