Is Your Personal Information on the Dark Web?
When data breaches are reported, details are usually murky. China’s data leak in July 2022, if authentic, may have exposed one billion resident records on the Dark Web.
TechCrunch reporters suggest that these records were siphoned from a police database after being inadvertently exposed since April 2021.[*]
Bounty hunters typically scan for such sensitive data to help companies uncover cybersecurity vulnerabilities. In Beijing’s case, it was a malicious hacker that stumbled upon the exposed data. The threat actor then demanded a ransom payment of 10 bitcoins to return copies of the stolen data.
The often nefarious workings of the Dark Web are a mystery to many internet users. But if your private information does surface on a cybercrime forum or website, there are ways for you to receive early alerts.
What Is a Dark Web Alert? Should You Be Worried?
A Dark Web alert is a type of security notification. It informs you that your sensitive information — such as credit card numbers, phone numbers, login credentials, email accounts, home addresses, or other personally identifiable information (PII) — has surfaced somewhere on the Dark Web.
Sometimes, malicious hackers collect this information through social engineering tactics, including phishing emails or remote access scams. However, in most cases, exposure on the Dark Web is due to large-scale data breaches that affect thousands or even millions of people at once.
How Do These Security Alerts Work?
The Dark Web is a network of heavily encrypted web pages that basic web browsers or search engines cannot crawl. This subset of the deep web, only accessible with an anonymizing browser called Tor, tends to host a sizable number of illicit marketplaces.
The substantial minority of scammers aside, the Dark Web is an efficient space for anonymous communications, whistleblower websites, and threat analysis.
Dark Web alerts are sent after scanning the deep web for your information. A digital security solution like Aura will first need details like your name, address, phone number, email address, and Social Security number (SSN) to begin continuous Dark Web monitoring.
Aura then conducts Dark Web scans for the information you’ve shared. For example, if your bank was hacked and your login password was leaked, Aura will send you an alert so that you can update your password and lock down your bank account.
There’s a good chance your information is already on the Dark Web. You can run a free security scan with your email address to see what Aura has already found.
The Dark Web is:
- An anonymous underground network.
- A hotspot for classified information like whistleblower sites.
- Often used to buy and sell stolen identities.
Dark Web monitoring:
- Creates a personalized “watchlist” that tracks all forms of your sensitive information.
- Scans for leaks of your personal data, public records, bank account numbers, and more.
- Issues alerts when leaks are detected.
Other security alerts you might receive
The Dark Web isn’t the only place that should be monitored to keep your information secure. Aura also conducts 24/7 scans of these other areas.
- Credit monitoring alerts: Receive alerts about changes to your credit file that are reported by the three main credit bureaus — Equifax, Experian, and TransUnion.
- Monthly credit score and annual reports: These alerts ensure that you’re always informed about your current credit score and any new inquiries or accounts opened in your name.
- Financial transaction monitoring alerts: Shows all your accounts at a glance, in one place, and sets customizable transaction alerts.
- Bank account monitoring alerts: Tracks and highlights any changes to your registered bank accounts.
- SSN and identity monitoring alerts: Detects whether anyone else is unlawfully using your Social Security number or identity.
- Criminal and court record alerts: Informs you if your identity appears in any court records.
- Home title and address change alerts: Monitors your property title and protects you from deed fraud.
💡 Related: What To Do if Your SSN Is on the Dark Web →
Did You Receive a Dark Web Alert? Do This
If you receive a Dark Web alert, there are a few steps that you should take right away.
1. Place a credit freeze or fraud alert
- For a fraud alert, contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) and notify them of the breach. Fraud alerts encourage lenders and creditors to take extra steps to verify your identity (such as contacting you by phone) before opening a new credit account in your name or making changes to existing accounts.
- For a credit freeze, contact each of the three bureaus separately and request to freeze your credit so that no new accounts can be opened in your name.
2. Take a closer look at your credit reports
- Get a free credit report at AnnualCreditReport.com.
- Review recent activity on your credit reports, and verify any new accounts or transactions.
- If you see evidence of suspicious activity — such as unauthorized hard inquiries — contact the lender immediately and report identity theft.
3. Secure your SSN
- Contact the Social Security Administration (SSA) to report the possible theft of your Social Security number.
- Create an account at SSA.gov and review claimed earnings to determine whether your SSN is being used by someone else.
- Consider locking your SSN if you’re not actively looking for employment (or are retired).
4. Change passwords
- Change the passwords for any of your accounts that have been exposed on the Dark Web.
- If you use the same password on other accounts, replace those as well.
- Aura’s password manager can help by securely storing all of your login credentials and helping you create new, complex passwords with just a few clicks.
5. Contact the Department of Motor Vehicles (DMV) about your license
- If your driver’s license information was stolen, the DMV may need to place a fraud alert. From there, you can start the process of getting a new license.
- See if you’re eligible to place a “Verify ID” flag on your driver record. This informs law enforcement that your identity has been compromised or stolen.
6. Report passport fraud
- If your passport information has been compromised, contact Travel.state.gov to report passport fraud.
- Complete the DS-64 form to report a lost or stolen passport, and the DS-11 form to apply for a new United States passport.
7. Set up two-factor authentication (2FA) on all your accounts
- Go into the security settings of your personal online and social media accounts and see if they offer two-factor authentication (2FA).
- Ideally, opt for authentication through a phone app. An authenticator app like Authy is more secure than one-time codes sent via SMS.
8. If you notice signs of identity theft:
- File a report with the Federal Trade Commission (FTC) on IdentityTheft.gov and obtain a copy of your Identity Theft Affidavit. Also contact your local police department with this affidavit, a government-issued photo ID, proof of your address, and any other evidence of identity theft.
- Call the fraud department at other impacted organizations, like banks or credit card companies. Request written confirmation to verify that any fraudulent accounts were closed and transactions have been reversed.
Can You Remove Your Data From the Dark Web?
Unfortunately, there are no reliable ways to scrub your information from the Dark Web. Sites that illicitly buy and sell personal data usually escape the same regulations to which legitimate websites are subject.
This is due, in part, to the layers of encryption and anonymity that characterize the Dark Web. But the dilemma is further complicated by the fact that it’s not only used by criminals.
Others that depend on the protections of the Dark Web include organizations like law enforcement, undercover intelligence, and even dissidents, whistleblowers, and victims of oppressive regimes.
This certainly doesn’t mean that the Dark Web is never regulated. But the cybercriminals that are caught and shut down by authorities usually belong to much larger operations. (This includes multimillion-dollar drug busts, child trafficking and exploitation cases, and large-scale security breaches.)
For this reason, your information won’t be erased from the Dark Web anytime soon. Instead, the best workaround is to go on the defensive. Scanning the Dark Web yourself, however, is both dangerous and time-consuming. That’s where Aura comes in.
Hacks Happen. Aura Can Help
There were 817 publicly-reported data compromises just in the first half of 2022 alone.[*] Even if you weren’t directly affected by any of these highly publicized data breaches, your PII could still be at risk.
And once that data is on the Dark Web, it’s available to identity thieves indefinitely. But with Aura, you get complete coverage (and peace of mind).
- 24/7 customer support: Receive one-on-one support from Aura’s White Glove Fraud Resolution team of specialists. In the event of an identity theft, a dedicated case manager will help you navigate credit bureaus and federal institutions.
- $1 million fraud insurance across all plans: Aura’s identity theft insurance covers every adult member on an Aura plan for up to $1 million in expenses incurred for eligible losses due to identity theft — including lost wages, legal fees, travel expenses, and more.
- Comprehensive remediation plans: Effective fraud resolution solutions are not one-size-fits-all. An Aura fraud specialist will craft a step-by-step plan tailored to your specific case. Afterward, your account will be closely monitored for 90 days to flag any further suspicious activity.
- Family identity theft protection: If Aura detects any suspicious activity on your accounts, you’ll receive fraud alerts in near real-time up to 4x faster than competitors. Aura’s family plan allows you to extend security protections for up to five members of your family (including children).