What to Do if Your Info Is Found on the Dark Web
If you know anything about the dark web then you know having your information published there is bad news. What exactly is the dark web, and how does your information end up there? What should you do when you find out your info is on the dark web?
What is the dark web and how does it work?
The dark web is the “hidden” part of the Internet that’s not accessible through a regular web browser. The content on the dark web is encrypted and requires special authorization to access. The most common way to surf the dark web is through Tor, a tool which hides IP addresses and locations.
Because the dark web is anonymous, it’s home to a lot of shady or illegal activities — drug deals, arms sales, and worse. The dark web is also the ideal place for criminals to buy and sell identity information, such as credit card numbers, Social Security numbers, medical records, passports, and email addresses. Experian estimates that a SSN can go for $1, a diploma for $400, and a U.S. passport for $1000.
Dark web or deep web?
You may have also heard of the deep web, and it’s important to distinguish it from the dark web. The deep web isn’t sinister, it’s just the part of the Internet that doesn’t get indexed by search engines. Pages that require sign-in or authentication, like online banking dashboards or your Amazon shopping cart are part of the deep web. Experts estimate that the deep web makes up 90% of the Internet.
How did your info end up on the dark web?
- Data breaches: Every so often you might hear about a big data breach at a large company in the news. Adobe, Canva, eBay, Equifax, and MyFitnessPal are just a few of the biggest in the last 20 years. When companies get hacked, their users’ information gets stolen. If you have an account or any information saved with a company and it announces a data breach, start securing your passwords and personal data immediately.
- Weak public WiFi networks: When you join a non-password protected network, anyone can easily take a peek at what you’re doing on the device you connected with. For this reason, always avoid using public WiFi, even at coffee shops where there’s a password but it’s “coffeeshop1” or something generic and easy to guess. If you absolutely must use public WiFi for whatever reason, always browse with a Virtual Private Network (VPN).
- Compromised online security: If you’re visiting an unencrypted website, a hacker can pull a “man-in-the-middle” attack and intercept the information you input on the website. Always visit websites that start with HTTPS instead of HTTP, because the “S” means it’s more secure. If you need to visit a website without the HTTPS protocol, use the HTTPS Everywhere browser add-on from the Electronic Frontier Foundation.
- Offline information: Leaving paper bills or statements with your name and address out is also a way to compromise your security. If you have sensitive info printed on paper, always keep it locked up somewhere safe or shred it before throwing it away.
Dark web monitoring vs. dark web protection
Because threats from the dark web have become so prevalent, many companies have started offering dark web monitoring services. Many others will do a one-time dark web scan of your information to see if it’s out there. WhatsUp Gold, Have I Been Pwned?, and Echosec Beacon are all legitimate dark web scanners you can use to check if your information is being shared.
If dark web monitoring comes with your antivirus software or credit card company, it’s important to note that these services only monitor. They do not take any action to prevent your information from ending up on the dark web — that’s your job.
Steps to take regain your privacy
Unfortunately, once your info is on the dark web, there’s nothing you can do to remove it. But you can beef up your personal data security to ensure that anyone who has that information won’t pose a threat to you.
1. What kind of information was found?
How you proceed will depend on the type of information that was found. If it was a credit card number or anything related to your bank, freeze your cards and accounts immediately and contact your bank about next steps.
If it was your driver’s license, contact your local DMV about getting a new card. If it was your passport number, report it to the U.S. State Department. For a leaked Social Security number, contact the Social Security Administration.
If your email address was shared, you should change all the passwords for accounts you have linked to that email address. You might start noticing spoofed emails as well. Alert your email provider right away.
2. Scan your computer for viruses
It’s possible that a hacker may have already compromised your security if they got your info from the dark web. Run a check with your antivirus software on your computer, smartphone, and other devices with operating systems.
3. Change all passwords
If your email was shared, changing passwords is a definite must. But even if it wasn’t your email address that appeared on the dark web, you should still consider resetting passwords for as many of your accounts as you can — especially accounts in which you have payment information saved.
How to protect your data
While you can’t remove your info from the dark web once it’s there, you can take steps to prevent anyone from leaking your identity or personal data in the first place:
- Use a password manager
- Avoid public WiFi
- Set up two-factor authentication
- Make a junk email account
Finding out that your info is on the dark web can be scary. As long as you know what’s at stake and how to react, then it shouldn’t cause too many problems for you. And remember, the best cybersecurity defense is always prevention.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Online Privacy
- Online Safety
Romance scams are nothing new, especially when online dating is involved. And with the popularity of cryptocurrencyover…[Read More]
Start looking at all text messages you get with a wary eye! If this subject is new…[Read More]
Beware of any calls you get to talk about Zelle and fraud, even it's from your "bank."...[Read More]
Cybersecurity isn’t just for cybersecurity professionals or people who understand code. Employees at any level can let…[Read More]
As you watch your parents get older, it’s easy to begin to worry about them falling for…[Read More]