Bitdefender Digital Identity Protection: FAQ

Bitdefender Digital Identity Protection is a service that monitors your digital footprint. Because the information in your digital profile overlaps with your physical identity, it’s easy for cyber-criminals to exploit the data they have on you to steal your identity, invade your privacy, impersonate you for financial gain, or harm your reputation.

With Bitdefender Digital Identity Protection you can take ownership of your personal data. Discover whether your personal information has ever been leaked across the Internet and receive instant alerts about any new breaches. You can also check whether your digital footprint leaves you at risk of identity theft or social media impersonation. Your private online data can be exposed easily, but you can make sure it stays private.

• Digital Footprint Visualization: see exactly how much of your personal info has been made public or stolen.
• Continuous Identity Monitoring: be aware if any sensitive information related to your identity is found on the Dark Web and public databases.
• Real-Time Alerts: get alerts about identity theft attempts such as data breaches, account take-overs, and social media impersonations.

We scan resources that are publicly available offline and online to obtain this information. The source is listed next to every piece of information so you can tell where it came from and also act to remove it if you’re interested.

When we encounter a profile (usually from social networks) that has common elements with your identity but has not been confirmed to be yours, we will alert you about the possibility that a profile belonging to someone else is attempting to impersonate you. We will also display suggestions for actions to be taken in case it is indeed an impersonation attempt.

Much like in the physical world, a digital identity is a means of authenticating yourself against a computer system to access the services this system provides. Usernames and passwords are among the most common data in digital identities, but additional “shadow data” is required, depending on the service you sign up with.

For a bank, this shadow data includes your home address, date of birth, social security number, and purchase history. For a hospital, shadow data would include your medical history, blood type, and any other conditions you suffer from. Each service that gets breached helps cyber-criminals complete the missing picture and better paint you as a person.

A breach occurs when cyber-criminals steal your identity, invade your privacy, impersonate you for financial gain, or harm your reputation. Because the information in your profile overlaps with your physical identity, it’s easy for them to further exploit the data they have on you.

By the time you finish reading this line, 520 people will have their private information leaked online due to a data breach. It will take the affected companies several months to identify the issue and notify users about it, and a few more months until victims start to feel its effects. Over the past decade, data breaches have become the new normal. Customer information has been exposed so often that cyber-criminals now sit on more information about victims than governments do.

To find stolen data, we scan the dark corners of the web using various methods. Once the data is found, we use a proprietary system for identity resolution to discover the identity of the breached individual so we can alert the person about the breach even if the breach itself includes little or outdated information.

Most commonly, breaches include information about users’ emails, passwords, names and usernames, phone numbers, and physical addresses. Their exposed data creates a snowball effect that ultimately leads to the leak, sale, or trade of entire digital identities on the Dark Web.

Three key factors set Bitdefender Digital Identity Protection apart from the rest:

• It’s the most comprehensive digital footprint on the market.
• It monitors your social media impersonation.
• It offers clear actions to reduce your privacy risks.

You can add up to 10 email addresses and 5 phone numbers to have your identity monitored. If you add information about multiple people then your identity will be inaccurate. Please add only information about your identity. If you need to protect another identity please buy another Bitdefender Digital Identity Protection subscription and activate it in a separate Bitdefender account.

Data breaches, possible impersonation attempts, and new personally identifiable information appear in the Threats section. To stay safe, follow our remediation steps: tap each link and perform the suggested action, then mark the step as done.

No. We offer awareness about your Digital Footprint (data exposed on Surface Web) and remediation steps for data breaches (data exposed on Dark Web).

No, Bitdefender Digital Identity Protection does not include credit monitoring & score.

We use a proprietary identity resolution engine that links fragments of identity information found online and combines them into a single identity profile.

To modify the information you provided during the onboarding process, follow these steps:

1. Go to https://central.bitdefender.com/ and log in to your user account.
2. Click on Digital Identity Protection on the left side menu.
3. Next, click on Data monitoring in the top right corner.
4. On the Data monitoring page, you can do two things:

a. Remove an email address or phone number that has already been verified.

b. Edit the name you added when you configured Bitdefender Digital Identity Protection.

Personal data that forms the identity is stored as long as your Bitdefender Digital Identity Protection subscription is active. If don’t renew and your subscription expires, we will keep your data for 6 more months. If you decide to reactivate your subscription, identity monitoring resumes from the time when you canceled the subscription. You can also contact us at any time to request the removal of your data from our system even if your subscription is inactive.

To erase all your personal data please contact our support team. They’ll be more than glad to help you with your request.

While protecting your digital identity may seem a little overwhelming, you can take several steps to make it more secure or, at least, to limit the extent of a data breach. Fortunately, a combination of good practices and constant monitoring can help you navigate digital disasters:

1. We can’t stress enough the importance of complex, single-use passwords. Whenever you sign up for a service, pick a strong, unique password. Don’t worry about memorizing it – most browsers can generate and store your password in an encrypted manner. Browsers sync up between devices you own so they can automatically fill in your password when you need to log into a different device. If one of your accounts gets compromised, attackers who have access to your username and password will try to enter these credentials into all major services in the hope that you have reused them. This attack, known as “credential stuffing,” is the number one cause of massive account compromise.
2. Use a second authentication factor. Most services require disposable, one-time passwords sent via SMS or mobile authenticators as part of the login process. Enable this feature whenever available. You should also choose mobile authenticators rather than short messages as a second factor since some companies might sign you up for commercial communications via SMS once they have your phone number. Additionally, a high-profile attacker would attempt to gain control of your SIM card by porting your number, if potential financial gain is significant enough to justify the effort.
3. Keep the information you give to companies to an absolute minimum. The more data on your file, the more data is lost to hackers when a breach occurs. Only fill in information that is mandatory for setting up the account and, if possible, keep your phone number private. Don’t store credit card information with merchants if you can avoid it.
4. Monitor your personal information regularly. Some companies offer digital identity protection, a service that searches for private information (such as your name, e-mail address, and phone numbers) on both the Internet and Dark Web. This is extremely important, as you get notified as soon as your data is leaked. This way, you can rapidly act to contain the damage (change your password, block or cancel credit cards, and so on).

Roaming the Internet creates a trail that remains when you close the web browser or sign out of a service. This collection of data is your digital footprint, and it serves to build a profile in the online world that is not necessarily associated with your person. Your digital footprint (also known as a digital shadow) is the sum of your entire activity on the Internet. It is generated when you visit a website, access a service, or use a web application. Your online activity is passively tracked through cookies typically, but your actions also have a significant contribution. Consider that when you land on a web page, the minimum information disclosed to the owner includes the IP‌ address – which can give away your geographical location, operating system, and web browser used. Additional data can be added, though.

Any mark you leave in the online world is recorded and adds to your digital footprint. Reactions to posts on social media, comments to articles, surveys taken, subscriptions to newsletters, votes, shared photos, and other forms of online expression create a footprint that can be used to identify you in the real world.

Specialized companies (data brokers) collate these breadcrumbs into a rich profile that contains comprehensive demographic data, interests, purchase behavior, and affiliations. Depending on the details you leave online and the reach of the data broker, the profile may also include sensitive information that is best kept private.

The Dark Web is a part of the Internet that can be reached using specific software technology that offers anonymity. Websites in this space are open to public access but are not indexed by web search engines. Their IP addresses are hidden, which makes it difficult to learn where they are hosted. Often, this space is a hiding place for cybercriminals who sell and trade stolen or illegal goods (digital or physical). On the digital side, commodities exchanged on the dark web include user data like personal information or payment card details that fuel fraudulent activities. In many cases, this info results from data breaches, although the dark web is not the only place for trading such goods.

Typically associated with illegal activities, the Dark Web has its legitimate uses, too. Activists and whistleblowers often rely on it for anonymity, as do other users fearing surveillance. Reputable publications and communication services also have mirrors on the dark web to be accessible even from countries where normal access to their resources is blocked.

This anonymous communication between users and the destination servers is possible through thousands of computers in a network that forwards traffic to one another to encrypt and anonymize it from one point to another. Typically, this is done using the Tor software, but other solutions exist. Unlike normal websites, locations on the dark web have no human-readable domain name, end with the .onion extension, and don’t load directly in regular browsers. Most often, Tor Browser is used to connect to the Tor network and access the resources it relays.

Depending on what you are looking for, reaching certain websites on the dark web can be difficult unless you already have their address. Specialized search engines indexing content from this part of the web can be helpful but not all operators of hidden services want to be visible so their content and resources remain available to a smaller number of users.