How ‘Digital Footprint’ shows your data exposure

What size shoe are you? Digitally, that is.

Cybersecurity company Malwarebytes released an updated version of its free Digital Footprint Portal tool, which quickly reveals an authenticated user’s exposed personal data like passwords, bank and social media accounts, and Social Security number, and offers remediation tips and information regarding sources of the compromise (along with a link to other Malwarebytes products).

“We want to drive awareness for people to understand that their information is exposed, and they are at risk. It doesn’t matter if you have $10,000 in the bank, $100,000, or $100 million,” Oren Arar, VP of consumer privacy, told IT Brew.

A 2024 study from US News and World Report found that 44% of 1,200 surveyed US adults said they experienced data breaches multiple times. (Only 37% of respondents said they received notification of an account or personal-data compromise.)

Once a user authenticates via email, the Digital Footprint Portal tool unveils their exposed PII, or personally identifiable information, like phone number, address, and location. Other digital details can include:

• Exposed passwords—and likely not just old, weak ones that guarded your WordPress blog back in 2006. Arar noted a rise in infostealers, botnets, and tools that steal credentials and passwords. A new report from SpyCloud, which collects and analyzes recaptured data from breaches, found that 61% of the company’s investigated breaches “were malware-related and included 344 million stolen credentials.”
• Social Security numbers: “If I have your SSN, address, phone number, date of birth, and full name, I can essentially go to…any kind of online bank website and open a new credit account on your behalf,” Arar said.
• Social accounts. While a hacked Instagram or Twitter may not feel as serious as the theft of your SSN, attackers “password-spray” accounts and will try the same credential in many of the targeted user’s services. “In many cases this is also kind of an early indicator that they want to hack into your financial accounts,” according to Arar.

The free tool also provides information about the specific breaches or infostealers that exposed the pieces of data, along with remediation advice, like placing multi-factor authentication on accounts and activating credit monitoring in the case of an exposed Social Security number.

Malwarebytes saves your email address to provide updates when the company finds new associated PII appearing in stolen data.

According to Malwarebytes’ statistics, 1 million people have already used the original Digital Footprint tool and found that:

• 60% had plain text passwords exposed
• 50% had their full name exposed
• 41% had their date of birth leaked
• 26% had a phone number exposed

“We know a lot about how the attackers are thinking and how they work. And we know that this is kind of phase one for them: to collect all of this intelligence and understand who will be easier to attack,” Arar said.