CHICAGO (WLS) -- It's easy for criminals to obtain your personal and financial information, your passwords and identity, and sell it on the dark web.
But there are also ways you can fight back and protect your money.
"All your data is for sale on the dark web, not just your email address and your password," said Chris Rouland, CEO of Phosphorus Cybersecurity.
Rouland finds security gaps and vulnerabilities for his clients. He showed the I-Team a hard drive and info on it, which he said contains billions of usernames and passwords, on the dark web.
"Four billion usernames and passwords," he said.
Rouland found our producer's password by entering her email. He said he didn't buy the information and would never sell it.
"I found it because that's where I hang out. Because I keep an eye on the bad guys. I heard about a big password breach. Your identity is a commodity. Your identity is valuable. It could be worth $1. It could be worth $1,000. It's worth something and it's bought and sold and traded," he explained.
You may never know if your information was obtained on the dark web, but identity theft victim Dovie Villalobos believes hers could have been.
"I'm walking around with embarrassment and shame inside," said Villalobos, who is disputing $10,000 in what she said are fraudulent transactions, which occurred over several months with her Chase bank account.
She said she's also had to close lines of credit with other companies opened in her name.
"They have my first name, my last name, they have my address, and so they were able to know where I live and my phone number. They have even my birthday," she said.
Villalobos believes it all started with thieves skimming her debit card number at a gas pump.
"The number one rule to me is, is try to never to use your cash card if you don't have to. That's direct access to the money in the bank," said Commander Paul Kane, who heads investigations at the Oak Park Police Department.
He said that because of multiple online transactions across the country, thieves could have also obtained more information, like a passwords or a debit card PIN, from the dark web.
"It is very possible you could have your card in your wallet and never even know that the PIN or the swipe has been compromised, and they're already out there using it, the technology has advanced that high," he said.
Security experts say hackers first target less secure accounts you may have with stores, streaming services, gyms or apps used to invite people to events instead of banks. After they get passwords or PINs from other platforms, they can match them to your banking accounts.
Rouland showed the I-Team how easy it is to be at risk from data breaches on other accounts not related to your bank. He searched and found data of reporter Jason Knowles.
"Your data was stolen nine times," Rouland told Knowles.
To stop hackers from matching up accounts, you should use different, strong passwords and PINs. Also keep an eye on your banking transactions.
"You should be checking all of these regularly to make sure that there's no fraudulent activity. All it takes is one to get compromised and it could it could snowball into something much larger," Kane said.
Chase bank said it has been in contact with Villalobos about her claims. It said some were approved while others were not, based on account activity. And that in addition to her fraud disputes, she can also file an "identity theft claim" which may also help.
"Inside it's still bothering me. Where I can't imagine," said Villalobos. "I am having racing thoughts about what happened and what why would they do this to me, you know, I'm a social worker. I help kids, I help adults, you know, to, for them to have a better life. And in return, they do this to me?"
The most recent report from the FBI shows that $414 million was lost to identity theft and data breaches in 2020.
Always use two-factor authentication on banking accounts. Consider getting password manager app and beefing up your passwords; for example, use a sentence then add characters and numbers.