Is Your Personal Information For Sale on the Dark Web?
The Dark Web is the deepest part of the internet, an anonymous network of sites and forums known for its notoriety in cybercrime and other illegal activities. When bad actors hack a company's databases, that information almost always ends up for sale on the Dark Web.
And your information is no different.
In 2022, billions of pieces of personally identifiable information (PII) were leaked to the Dark Web.
Companies and organizations ranging from Uber and Twitter to the Beijing police department were hit with massive data breaches in 2022 [*].
The problem is, even when cyberattacks are reported, details are usually murky. Companies aren't rushing to alert you that your data — that they were responsible for safeguarding — was hacked and released, putting you at risk of identity theft, account takeover, or financial fraud.
Instead, Dark Web monitoring services are one of the only ways to know if your personal data has been put at risk.
If you've received a notification that your information was found on the Dark Web, you probably want to know what to do next. In this guide, we'll explain what a Dark Web alert is and what you should do if you get one.
What Is a Dark Web Alert? Should You Be Worried?
A Dark Web alert is a type of security notification. It informs you that your sensitive information — such as credit card numbers, phone numbers, login credentials, email accounts, home addresses, or other PII — has surfaced somewhere on the Dark Web.
Sometimes, malicious hackers collect this information through social engineering tactics, including phishing emails or remote access scams. However, in most cases, exposure on the Dark Web is due to large-scale data breaches that affect thousands or even millions of people at once.
How Do These Security Alerts Work?
The Dark Web is a network of heavily encrypted web pages that basic web browsers or search engines cannot crawl. This subset of the deep web, only accessible with an anonymizing browser called Tor, tends to host a sizable number of illicit marketplaces.
The substantial minority of scammers aside, the Dark Web is an efficient space for anonymous communications, whistleblower websites, and threat analysis.
Dark Web alerts are sent after scanning the deep web for your information. A digital security solution like Aura will first need personal details like your name, address, phone number, email, and Social Security number (SSN) to begin continuous Dark Web monitoring.
Aura then conducts Dark Web scans for the information you’ve shared. Imagine your bank was hacked and your account password was leaked. Aura will send you an alert so that you can update your online banking password and lock down your account.
There’s a good chance your information is already on the Dark Web. You can run a free security scan with your email address to see what Aura has already found.
The Dark Web is:
- An anonymous underground network.
- A hotspot for classified information like whistleblower sites.
- Often used to buy and sell stolen identities.
Dark Web monitoring:
- Creates a personalized “watchlist” that tracks all forms of your sensitive information.
- Scans for leaks of your personal data, public records, bank account numbers, and more.
- Issues alerts when leaks are detected.
Other security alerts you might receive
The Dark Web isn’t the only place that should be monitored to keep your information secure. Aura also conducts 24/7 scans of these other areas.
- Credit monitoring alerts: Receive alerts about changes to your credit file that are reported by the three main credit bureaus — Equifax, Experian, and TransUnion.
- Monthly credit score and annual reports: These alerts ensure that you’re always informed about your current credit score and any new inquiries or accounts opened in your name.
- Financial transaction monitoring alerts: Shows all your accounts at a glance, in one place, and sets customizable transaction alerts.
- Bank account monitoring alerts: Tracks and highlights any changes to your registered bank accounts.
- SSN and identity monitoring alerts: Detects whether anyone else is unlawfully using your Social Security number or identity.
- Criminal and court record alerts: Informs you if your identity appears in any court records.
- Home title and address change alerts: Monitors your property title and protects you from deed fraud.
📚 Related: What To Do if Your SSN Is on the Dark Web →
What to Do If Your Information Is on the Dark Web
- Place a credit freeze or fraud alert
- Take a closer look at your credit reports
- Secure your SSN
- Change passwords
- Contact the Department of Motor Vehicles (DMV)
- Report passport fraud
- Set up two-factor authentication (2FA)
- Look for signs of identity theft
If you receive a Dark Web alert, there are a few steps that you should take right away to secure your online accounts and identity.
1. Place a credit freeze or fraud alert
For a fraud alert, contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) and notify them of the breach. Fraud alerts encourage lenders and creditors to take extra steps to verify your identity (such as contacting you by phone) before opening a new credit account in your name or making changes to existing accounts.
For a credit freeze, contact each of the three bureaus separately and request to freeze your credit so that no new accounts can be opened in your name.
2. Take a closer look at your credit reports
Get a free credit report at AnnualCreditReport.com and review recent activity on your credit reports, and verify any new accounts or transactions.
If you see evidence of suspicious activity — such as unauthorized hard inquiries — contact the lender immediately and report identity theft.
3. Secure your SSN
Contact the Social Security Administration (SSA) to report the possible theft of your Social Security number. You can create an account at SSA.gov and review claimed earnings to determine whether your SSN is being used by someone else.
Consider locking your SSN if you’re not actively looking for employment (or are retired).
4. Change passwords
Change the passwords for any of your accounts that have been exposed on the Dark Web. If you use the same password on other accounts, replace those as well.
Aura’s password manager can help by securely storing all of your login credentials and helping you create new, strong passwords with just a few clicks.
5. Contact the Department of Motor Vehicles (DMV) about your license
If your driver’s license information was stolen, the DMV may need to place a fraud alert. From there, you can start the process of getting a new license.
See if you’re eligible to place a “Verify ID” flag on your driver record. This informs law enforcement that your identity has been compromised or stolen.
📚 Related: What To Do If Your Email is Found on the Dark Web →
6. Report passport fraud
If your passport information has been compromised, contact Travel.state.gov to report passport fraud. Complete the DS-64 form to report a lost or stolen passport, and the DS-11 form to apply for a new United States passport.
7. Set up two-factor authentication (2FA) on all your accounts
Go into the security settings of your personal online and social media accounts and see if they offer two-factor authentication (2FA). Ideally, opt for authentication through a phone app. An authenticator app like Authy is more secure than one-time codes sent via SMS.
8. Look for signs of identity theft
File a report with the Federal Trade Commission (FTC) on IdentityTheft.gov and obtain a copy of your Identity Theft Affidavit. Also contact your local police department with this affidavit, a government-issued photo ID, proof of your address, and any other evidence of identity theft.
Call the fraud department at other impacted organizations, like banks or credit card companies. Request written confirmation to verify that any fraudulent accounts were closed and transactions have been reversed.
📚 Related: What To Do If Your Identity Is Stolen →
Can You Remove Your Data From the Dark Web?
Unfortunately, there are no reliable ways to scrub your information from the Dark Web. Sites that illicitly buy and sell personal data usually escape the same regulations to which legitimate websites are subject.
This is due, in part, to the layers of encryption and anonymity that characterize the Dark Web. But the dilemma is further complicated by the fact that it’s not only used by criminals.
Others that depend on the protections of the Dark Web include organizations like law enforcement, undercover intelligence, and even dissidents, whistleblowers, and victims of oppressive regimes.
This certainly doesn’t mean that the Dark Web is never regulated. But the cybercriminals that are caught and shut down by authorities usually belong to much larger operations. (This includes multimillion-dollar drug busts, child trafficking and exploitation cases, and large-scale cybersecurity breaches.)
For this reason, your information won’t be erased from the Dark Web anytime soon. Instead, the best workaround is to go on the defensive. Scanning the Dark Web yourself, however, is both dangerous and time-consuming. That’s where Aura comes in.
Hacks Happen. Aura Can Help
There were 817 publicly-reported data compromises just in the first half of 2022 alone [*]. Even if you weren’t directly affected by any of these highly publicized data breaches, your PII could still be at risk.
And once that data is on the Dark Web, it’s available to identity thieves indefinitely. But with Aura, you get complete coverage (and peace of mind).
- 24/7 customer support: Receive one-on-one support from Aura’s White Glove Fraud Resolution team of specialists. In the event of an identity theft, a dedicated case manager will help you navigate credit bureaus and federal institutions.
- $1 million fraud insurance across all plans: Aura’s identity theft insurance covers every adult member on an Aura plan for up to $1 million in expenses incurred for eligible losses due to identity theft — including lost wages, legal fees, travel expenses, and more.
- Comprehensive remediation plans: Effective fraud resolution solutions are not one-size-fits-all. An Aura fraud specialist will craft a step-by-step plan tailored to your specific case. Afterward, your account will be closely monitored for 90 days to flag any further suspicious activity.
- Virtual private network (VPN) and antivirus: Aura’s VPN can encrypt your internet traffic and hide your IP address if you’re on public Wi-Fi networks a lot. Also scan your device for malware and other malicious software using Aura.
- Family identity theft protection: If Aura detects any suspicious activity on your accounts, you’ll receive fraud alerts in near real-time up to 4x faster than competitors. Aura’s family plan allows you to extend security protections for up to five members of your family (including children).