Ryan Toohil has a BS in Computer Engineering from Virginia Tech and holds multiple patents in the web services domain. As the CTO at Aura, he leads the platform, information security, and corporate IT teams.
Alina Benny is an Aura authority on internet security, identity theft, and fraud. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content research. Twitter: @heyabenny
Is Your SSN, Email (or Something Even Worse) for Sale on the Dark Web?
When a Washington State resident found out that someone had used his identity to try to buy a car in Seattle, he never imagined that it would end in a $60,000 credit card fraud scheme that left him with just 32 cents to his name [*].
But when detectives finally caught up with the criminal, they discovered over 20 stolen credit cards on him — all bought off the Dark Web.
Data breaches that leak personal and financial information are becoming an almost daily occurrence in the United States. According to the Identity Theft Resource Center [*]:
There were 1,862 publicly reported data breaches impacting over 422 million individuals in 2022 – the highest numbers ever for a single year.
If your private information is leaked to the Dark Web, scammers can use it to steal your identity, rack up debts in your name, deplete your Medicare benefits, or ruin your credit history.
In this guide, we’ll explain how to find out if your information is on the Dark Web, and what you can do to protect yourself and avoid becoming a victim of identity theft.
What Is the Dark Web? How Does Your Information End Up There?
The Dark Web (also known as the Darknet) is an anonymous part of the internet that is not accessible through traditional search engines and web browsers like Chrome or Firefox.
Unlike the “Surface Web” that is accessible to everyone, or even the “Deep Web” — which includes password-protected sites like your email account — the “Dark Web” can only be accessed using special encrypted browsers like the TOR browser.
Encryption scrambles the data and browsing history of Dark Web users, making this area of the internet appealing to hackers who can trade and sell stolen information and illegal goods without the fear of being tracked.
Here are seven ways that your data could end up on the Dark Web:
Data breaches. Hackers launch cyberattacks on organizations that store sensitive data, such as your Social Security number (SSN), credit card number, or IRS tax account. Many cybersecurity experts say it’s safe to assume that every single SSN has been leaked in a recent data breach [*].
Being hacked over public Wi-Fi. Scammers can spy on your browsing activity when you use unsecured networksin cafés, airports, and hotels.
Phishing scams. By impersonating reputable organizations via fake web pages, emails, or text messages (smishing), identity thieves can trick you into disclosing valuable information.
Malware and other cyberattacks. FromSIM swap scamsto spyware, cybercriminals use sophisticated tools and techniques to infiltrate smartphones and computers and steal valuable information.
Leaks from data brokers. If third-party services or lenders store your data and sell it to advertisers, your information could end up on the Dark Web.
Stolen documents and mail. If con artists find sensitive documents, like your unshredded bank statements or loan applications, they could scam you.
Your contact information was added to a target list. If you respond to scammers’ calls, texts, or emails, they will add your contact information to a list of viable targets and sell it to other criminals.
While many people associate the Dark Web with illegal activity, it has legitimate uses as well.
Investigative journalists use the Dark Web to anonymously publish sensitive materials or bypass censorship in countries with restrictive internet policies. The CIA even set up its official presence on the Dark Web for anyone who wants to contact them anonymously [*].
🛡 Protect your identity: If scammers have your personal information (even just your name and phone number), your bank account and identity could be at risk. Try Aura’s award-winning identity theft protection solution (with Dark Web monitoring) free for 14 days and secure yourself against scammers.
What personal information can end up on the Dark Web?
While the Dark Web can be used for both legitimate and illegal activity, it’s mainly used as a place for hackers to sell or trade leaked personal information and forged documents — which can sell for as little as $2 [*].
Typically, this data includes personally identifiable information (PII), such as:
Passports, driver’s licenses, and other forms of ID (scans and stolen copies)
Login credentials (such as online banking usernames and passwords)
Bank account numbers and financial information
Hacked social media or e-commerce account logins (such as Amazon or Facebook)
The bottom line: If any of your personal data is circulating on the Dark Web, this can put you at risk of identity theft and financial fraud. The more hackers and scammers know about you, the easier it is to target you.
With close to 70 personal records lost or stolen every second, it’s more important than ever to take ownership of your data and digital security [*].
Here are five ways to check if your personal information has been exposed on the Dark web:
1. Run a free Dark Web scan (via Aura, Identity Guard, etc.)
Many services offer free Dark Web scans to check if your personal information has been leaked in a recent data breach. However, it’s important to choose a reputable company when running a free scan — as some services may collect and sell any contact information that you provide.
Here are two great options that offer free (and secure) Dark Web scans:
Aura’s free leaked password scanner. Aura is an award-winning identity theft protection service that also provides a free Dark Web scanner. This tool checks your email address to see if any of your passwords have been compromised.
Identity Guard’s free Dark Web scan. Similar to Aura’s scanner, Identity Guard’s free tool uses your email address to scan for any compromised data on the Dark Web.
Quickly shows you compromised accounts that need to be updated immediately.
Doesn’t show other compromised data, such as financial information, healthcare data, etc.
Doesn’t collect any data (other than just your email address).
Only offers notifications about exposure; no extra protection or remediation features.
Free and easy to use.
Doesn’t proactively or regularly scan for future breaches.
2. Check on the HaveIBeenPwned website
HaveIBeenPwned is an independent website that allows you to check if your email address was involved in recent data breaches. The site is regularly updated to reflect new breaches, meaning you’ll potentially get more up-to-date results.
Unlike Aura and Identity Guard’s free scanners, HaveIBeenPwned is an independent website run by Troy Hunt.
Has a comprehensive list of breaches on the homepage.
Lacks advanced features offered by competitors.
Domain search feature is good for site owners.
Stops at notifications — there’s no added protection.
Uses 1Password integration to make it easier to update passwords.
One of the major downsides of any free Dark Web scanner is that it will only uncover leaked passwords, usernames, and other basic information (such as phone numbers). But data leaks regularly include much more sensitive information — such as your SSN, driver’s license, home title information, and more.
A 24/7 Dark Web monitoring service constantly scans new Dark Web databases for your most sensitive information, and alerts you if it’s been compromised.
Constantly checks for recent data breaches, and scans known Dark web sites, forums, and marketplaces.
24/7 Dark Web monitoring is only available on paid plans.
Part of an all-in-one digital security solution that includes three-bureau credit monitoring, VPN, antivirus, secure password manager, $1 million in identity theft protection, and more.
Aura has the fastest alerts in the industry. The moment a criminal attempts to exploit your data — like opening a bank account with your details — you’ll get an alert.
⚡️ Get fast alerts if your information is leaked to the Dark Web. Aura’s award-winning identity theft protection solution includes 24/7 Dark Web monitoring. Try Aura free for 14 days and find out if your sensitive information was leaked online.
4. Install a browser scanner (Firefox Monitor)
Firefox Monitor is a data breach scanner that is powered by HaveIBeenPwned and uses your email address to scan and return results quickly. Firefox Monitor is unique in that it provides individualized advice on what to do for each account if your details have been compromised.
Provides personal security tips.
Requires a Firefox account to use. You can’t use it quickly without logging in to your account.
Searches for well-known data breaches (since 2007).
Can be slow to identify if you’re the victim of a recent data breach.
5. Monitor your personal information for signs of fraud
If scammers are able to find your stolen information on the Dark Web, they could use it to steal your identity or ruin your credit. Unfortunately, Dark Web scanners and monitoring tools can only tell you if your data has been exposed — not if it’s been (or is being) used.
By monitoring your credit report and other sensitive information, you can quickly discover if your leaked information has been used by criminals.
While it’s possible to regularly check your bank statements and credit reports (by reviewing your available free credit reports on AnnualCreditReport.com), an identity monitoring service is a much better option.
For example, with Aura, you get:
Three-bureau credit monitoring with the fastest fraud alerts. Aura constantly monitors your credit report with all three bureaus — Equifax, Experian, and TransUnion — for signs of fraud. If anything suspicious is detected, you’ll get an alert in near real-time.
Identity and SSN monitoring. Aura monitors your most sensitive information — including your SSN, passport and driver’s license, email, and more — across the internet, public databases, and the Dark Web.
Powerful digital security to shut down scammers. Aura helps prevent scammers from gaining access to your sensitive information in the first place. Every Aura account comes with a secure password manager (including leaked password alerts), antivirus protection, virtual private network (VPN), Safe Browsing tools, and more.
24/7 U.S.-based Fraud Resolution Specialists and $1 million in coverage. If the worst should happen, Aura’s team of trained professionals can guide you through the fraud resolution process. Plus, you get peace of mind knowing that every adult member on your plan is covered for up to $1 million in eligible losses due to identity theft.
Actively monitors your personal and financial information on the Dark Web, internet, and public forums.
Only available as a paid service.
Proactively protects your data, devices, and networks from hackers and scammers.
Alerts you in near real-time to signs of fraud and gives you the resources to protect yourself and your family.
Every Aura account comes with a free 14-day trial so you can try out all features and tools for yourself. Plus, annual plans include a 60-day money-back guarantee.
🛡 Start protecting your personal information today! Try Aura free for 14 days and secure your identity and finances from scammers.
Has Your Personal Data Been Leaked? Do This
If you find out that your passwords or personal information have been leaked on the Dark Web, there's a good chance that most of your sensitive information has been compromised. At this point, it’s crucial that you take action to protect your identity and online accounts.
Here’s what to do if your personal information is on the Dark Web:
Freeze or lock your credit file
An identity thief can use stolen information from the Dark Web to obtain a fraudulent credit card or loan. A credit freeze or lock puts a hold on your credit file — preventing anyone from opening new accounts in your name. You must contact each of the three major credit bureaus to request a credit freeze.
Update your accounts with strong and unique passwords. Start with high-risk passwords — like your online banking, email, and Medicare accounts. It’s easier to create and store complex passwords for every account with Aura’s password manager.
Enable 2FA on all of your online accounts
There are over 555 million stolen passwords on the Dark Web [*]. If your credentials are among them, two-factor authentication (2FA) may be the only thing stopping someone from taking over your email inbox or bank account. With a one-time password (OTP) or fingerprint scan, there’s less chance of getting hacked.
Check your account statements and credit report
When you get into a good habit of monitoring your financial accounts, you can spot any fraudulent activity early. Review your bank and credit card statements regularly for any unauthorized transactions. You can also order your free credit report from each of the three bureaus at AnnualCreditReport.com.
Contact the fraud department at your bank
If you notice any suspicious activity on your statements or credit report, contact the fraud department at your financial institution immediately. The support team can help you dispute fraudulent charges and take security measures to prevent further damage to your finances.
Nearly 60% of all calls in 2021 were robocall scams, while spam texts grew 1000% from 2021 to 2022 [*]. To stop phishing attempts, you can install a call blocker app to filter out unwanted calls coming from fraudsters who have your phone number. You can also turn on call filters and use antivirus software to stop spam texts.
Secure your SSN
Fraudsters can use stolen SSNs to access your healthcare or tax benefits. So, it’s crucial that you never share your SSN with anyone over the phone or via email — and always keep your Social Security card in a safe place.
Use Safe Browsing tools to protect against phishing attacks
Aura’s Safe Browsing tools can warn you if you’re entering a fake website that could steal your personal information. Aura also includes anti-tracking tools with every plan to keep your data private while you browse online.
Warn any impacted agency or company
If you believe someone has access to your personal details, contact the relevant authorities to get support. For example, contact the Department of Motor Vehicles (DMV) if someone steals your driver's license. If your passport is stolen on vacation, get in touch with the Embassy. Authorities at the right office can cancel the documents to help prevent fraud in your name.
If you're concerned about the security of your personal information, consider signing up for an identity theft protection service.
These dedicated digital security providers monitor your credit report, bank accounts, SSNs, and more. You’ll get alerts if your sensitive data is detected on the Dark Web — along with support to improve your security and recover from fraud.
You can try Aura’s award–winning identity theft protection solution free for 14 days.
In just two weeks, you can find out what personal information has been leaked to the Dark Web, remove your details from data broker sites, track and monitor your credit score, shield your data from hackers, and more.
Can You Remove Your Information From the Dark Web?
Unfortunately, once your information is on the Dark Web, there's nothing you can do to remove it. Even if you were able to track and delete some of your stolen data, it's impossible to know who has accessed your information or where it's being stored.
Another thing to consider is that it can be even more dangerous to try and access the Dark Web yourself.
Accessing the Darknet is not the same as using the Surface Web — it requires a Tor browser and strong, tech-savvy skills. If you don’t know what you’re doing, you may unwittingly download malicious files or open the door to other scammers who are watching your activity.
A proactive approach is the best way to protect yourself and your family. If a data breach compromises your personal information, you can stay one step ahead of the scammers by taking steps to safeguard your data.
How To Protect Your Personal Information Online
When there is less of your data available to hackers, there's less chance you'll become a victim of identity theft or other cybercrimes. Here are seven steps you can take to keep your sensitive data safe:
Use strong passwords. If you have any doubts, take time to update the login credentials for each of your accounts. Ensure that you use a long, unique combination of upper and lower case letters, numbers, and symbols.
Enable 2FA. Two-factor authentication (2FA) adds an extra layer of security that makes it harder for hackers to gain access to your accounts. Consider biometric authentication or a hardware security key for maximum protection.
Run scans with a third-party antivirus. Sometimes, your native security software is not enough. Aura’s antivirus software can catch any malware that slips past built-in solutions on your device.
Keep your software updated. Vendors release updates to patch vulnerabilities and make apps more robust in the face of emerging cyberthreats. You can enable automatic updates to make sure you remain protected.
Don't overshare on social media. Every profile you (or your kids) create on social media, gaming platforms, and online forums adds to your digital footprint. Delete personal information and location-tagging services to reduce your digital footprint.
Use a virtual private network (VPN). With a VPN switched on, you can hide your IP address, activity, and information from hackers, scammers, and unscrupulous advertisers. Aura’s military-grade VPN encrypts all of the data on your network.
Learn how to spot scams. You can become better informed about the latest online scams by reading blog posts and watching videos. The more you know, the better it is for your identity protection.
The United States experiences more data breaches than any other country, impacting over 200 million people a year [*]. As most of us are online daily, there’s a high chance that some of your personal information is already circulating on the Dark Web.
You can’t remove your data once it’s exposed, but you can take steps to stop hackers and scammers from stealing your identity.
Aura’s award-winning identity theft protection solution includes 24/7 Dark Web monitoring that checks for exposed passwords and sends you rapid alerts, so you can update accounts before it’s too late. Enjoy added security and peace of mind with Aura’s Safe Browsing tools, antivirus software, and military-grade VPN — included with every plan — along with up to $1 million in insurance coverage for eligible losses due to identity theft.