

Agents warned over dark web password sales and data breaches

Estate agents and small businesses are being warned to take greater care over passwords to stop hackers breaking into their systems.

David Nicholls, managing director of Better-IT, says over 15 billion passwords are available on the dark web. Most of them are available for free, but bank details can be sold for up to £55.

The dark web is part of the internet that can't be reached by normal browsers. It's known for being somewhere that people buy and sell illegal items, as well as personal data.


Hackers are increasingly able to break into businesses' systems and download huge databases of data, with Twitter just one firm to suffer a high-profile hack recently.

"If your password is stolen and you use the same password across multiple systems, that’s when you can quickly get into really big problems," says Nicholls.

"If hackers can use stolen data to get into one system used by your business, they can sometimes leverage this to get into other systems."

"The worst thing they can do is access your email, as this lets them reset passwords and monitor all your communications," he adds.

Nicholls says agents can protect themselves by taking two steps. The first is to use a different, randomly generated password for every login. The second is to use a password manager to keep track of all passwords.

  • Sara Statman


    Thank you for raising such important issues. Passwords in general are known as "one factor" authentication.

    Multi-step authentication requires two physical passwords or codes. Typically this would be your login ID or e-mail as the first step then a One Time Passcode (OTP) sent by SMS. However, both of these are one factor as they are things “you know”. You may access an e-mail account from your mobile and receive the OTP through the same mobile so you are still only using one device. The authentication key is not part of the device itself, but rather information stored on the device.

    Furthermore, OTPs can be hacked through “social engineering”. This means hackers manage to intercept your mobile data and thus would have access to the OTP and your systems.

    To address these concerns, along came 2-Factor Authentication (2-FA). This means there must be two separate factors present before the user can log in. The first factor is "possession" of a device: a smartphone, iPad, desktop or laptop. The second factor is "knowledge": PIN, Passcode or Biometric ID. A good analogy is a bank’s ATM card combined with a PIN. The PIN needs to be used in combination with the card to allow account access. With on-line systems in general, instead of an ATM card, 2-FA relies on a user’s device plus a PIN or Passcode. For theft to occur the hacker would need to steal both the device and the knowledge of the PIN or Passcode.

    Key-Based, 2-Factor Authentication (2-FA): The Solution Used by LetFaster

    A superior alternative is key-based 2-FA. The PIN is neither transmitted nor stored so it cannot be hacked or stolen. When a new user signs up, the user downloads the app, enters a PIN and remembers the PIN, the same as they would for an ATM card. Furthermore, the PIN is always entered on the app’s special keypad, not on the keyboard/keypad of the device. This is a significant improvement as it prevents a keylogger from recording what you type. If your device is stolen, the PIN would fail after a few incorrect attempts. In this instance the only way to obtain the PIN remotely would be accessing the device’s camera, so for additional security the user could hide the camera lens while typing the PIN.

    Anyone wishing to upgrade security and integrate our secure Key-Based 2-FA into their own systems may contact us at info(at)letfaster.tech.

    LetFaster is a division of IDcheck Limited.

