This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

How To Find Out If Your Information Is on the Dark Web (For Free)

Free Dark Web scanners can only do so much. Use these tools to dig deeper into the Dark Web and learn how at risk you are of scams and identity theft.

Free Dark Web scanners can only do so much. Use these tools to dig deeper into the Dark Web and learn how at risk you are of scams and identity theft.

Illustration of a hook underwater with a question mark wrapped around it.

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.6 stars as of Sept. 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      Is Your SSN, Email (or Something Even Worse) on the Dark Web?

      When hackers infiltrate organizations and companies, any information about you in their databases can end up for sale on the Dark Web. 

      Unfortunately, this happens a lot

      Last year alone, the sensitive data of over 353 million victims was exposed [*] — which means that your personal information is almost certainly circulating on the Dark Web. 

      The simplest way to check if your information has been leaked is to use a free Dark Web scanner like the ones offered by Aura or HaveIBeenPwned. These tools safely check your email address against recent data breaches to see if your passwords or personal information have been leaked. 

      The downside to using free tools is that they only scratch the surface. To find out the true extent of how much of your personal information has been leaked, you need a stronger and more continuous monitoring method . 

      {{show-toc}} 

      How Does Your Information End Up on the Dark Web (and What’s There)?

      The Dark Web (not to be confused with the Deep Web) is a hidden part of the internet that is inaccessible through traditional “surface web” search engines and web browsers like Chrome or Firefox. Instead, accessing the Dark Web requires a specialized browser called Tor, which hides users’ locations and identities.

      The anonymous nature of Dark Web sites makes them perfect for illegal activity — including buying and selling stolen information from data breaches. 

      This can include your:

      • Contact details, such as your email, phone number, or home address
      • Financial information, including account numbers and credit card details
      • Account passwords for your email, social media, and even online banking accounts
      • Scans of physical IDs and documents, such as your driver’s license, passport, or birth certificate

      While searching for your information on Dark Web marketplaces might be tempting, it’s not worth the risk. 

      Many Dark Web pages and forums are home to hackers who may try to infect your device with malware, or target you with phishing and other cyberattacks. Plus, you most likely won’t be able to remove your data from the Dark Web anyway. 

      💡 Related: What To Do If Your Email is Found on the Dark Web

      3 Ways To Find Out If Your Personal Information Is Circulating on the Dark Web

      It’s nearly impossible to scan all Dark Web sites for your personal data. For this reason, companies and services offer to monitor your sensitive information across common hacker forums and sites where it can appear after a data breach. 

      Here are three of the most common ways to find out if your data is on the Dark Web:

      1. Use a free Dark Web scanner

      Free Dark Web scanners check a smaller portion of known hacker sites for personal information. Because these services are free, they only check for information relating to the email address you enter — this is usually limited to just leaked passwords.

      Screenshot of Aura’s free Dark Web scanner with an email capture form and a button to see results.

      Aura’s Dark Web scanner, Identity Guard’s Dark Web scanning tool, and HaveIBeenPwned are all reliable free options to check whether your sensitive information is on the Dark Web. 

      💡 Related: What Is Dark Web Monitoring? (Get a Free Dark Web Scan)

      2. Take advantage of tools in your browser, or use a password manager

      Many services that store your passwords — such as password managers and browser extensions — can also monitor them to see if they’ve been exposed after a data leak. Some examples include Mozilla Monitor (free) and Mozilla Monitor Plus (paid).

      Google also offers American residents a "Dark Web Report" feature as part of its subscription service, Google One. In June 2024, Google announced it would soon offer Dark Web scanning to all users [*].

      Again, the downside of these services is their limited scope. You’ll only find out if passwords and other saved data have been leaked. 

      💡 Related: What is a Dark Web Alert? What Should You Do If You Get One?

      3. Sign up for a 24/7 Dark Web scanning service

      To check for more sensitive leaked information — such as your Social Security number (SSN), phone number, or scans of your physical IDs — you need to sign up for a dedicated Dark Web monitoring service. 

      These paid services provide continuous surveillance — scanning new Dark Web databases for your most sensitive information and alerting you if your data is found. Most Dark Web monitoring services also come bundled with identity theft protection, credit monitoring, and digital security tools such as antivirus and a password manager.

      💡 Related: The 10 Best Dark Web Monitoring Services in 2024

      What To Do If Your Personal Information Is Discovered on the Dark Web

      If you get a notification that your passwords, credit card numbers, or personal information have been leaked on the Dark Web, you should assume that other sensitive data is also at risk. 

      Here’s what you should do right away to limit the damage if your personal information is circulating on the Dark Web:

      Freeze your credit files

      A credit freeze limits access to your credit reports — preventing anyone from opening new accounts or taking out loans in your name. A credit freeze won’t hurt your credit score and can be lifted whenever you need to apply for credit (such as for a mortgage or auto loan). 

      To freeze your credit, you need to contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion.

      Experian
      Equifax
      TransUnion
      1-888-397-3742
      1-800-685-1111
      1-888-909-8872
      Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
      Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
      TransUnion LLC – P.O. Box 2000, Chester, PA 19016

      Is a credit freeze the same as a fraud alert? No. While some experts suggest placing a fraud alert on your account, it may not be enough to prevent fraud. 

      An alert only warns lenders that your credit file has been compromised — and suggests that your identity be verified. But experienced identity thieves know how to bypass these security measures. A freeze entails a bit more work to initiate, but it will keep you safer. 

      💡 Related: Credit Lock vs. Credit Freeze: Which One Is More Secure?

      Change your passwords 

      Many data breaches leak passwords and other online credentials that can give hackers access to your accounts. Even worse, if you’re not using unique passwords, a single breach can give hackers access to multiple accounts. 

      As soon as you find out that your passwords have been compromised, update your accounts with unique and strong passwords that are at least 13 characters long and use a combination of uppercase and lowercase letters, numbers, and special characters.

      Pro tip: For added security, use a password manager to create and store your passwords. These tools provide a secure, central location for all of your credentials, giving you easy access to your accounts with a single master password. 

      Enable two-factor authentication on all accounts

      Two-factor authentication (2FA) is an additional layer of cybersecurity that prevents someone from accessing your online accounts even if they have your password or username. With 2FA enabled, your email, online banking, and other accounts will require a secondary authentication method to access — such as a one-time-use code or biometrics (such as your fingerprint or facial scan). 

      For the strongest security, experts recommend using an authenticator app, like Okta or Google Authenticator, rather than receiving 2FA codes on your phone. This is because scammers can gain access to your phone number (and SMS texts) by conducting what’s called a SIM swapping scam

      💡 Related: Does Two-Factor Authentication Prevent Hacking?

      Contact your bank’s fraud department

      Notify the fraud departments at banks, credit unions, and credit card companies as soon as you know your financial details may have been compromised. 

      Not only will this give you a head start on canceling and closing impacted cards or accounts — it can also limit your liability if scammers manage to access your funds. Depending on how you were targeted, banks may only refund scammed money if you contact them within a few days of noticing a fraudulent withdrawal or transfer.

      Check your account statements and credit reports for fraud

      Look for suspicious activity across all of your financial accounts and credit files. Every American is entitled to free credit reports from all three of the major credit bureaus each week by visiting AnnualCreditReport.com.

      Check your statements for suspicious activity, incorrect personal information, and unfamiliar new accounts. Don't ignore small charges, either, as thieves test stolen credit card numbers by making small purchases before trying to max out their victims’ credit lines. 

      {{show-cta}}

      Proactive Steps You Can Take To Combat Future Fraud

      Once your accounts and finances are secure, you can take steps to protect yourself from other types of fraud that could occur when your information is available on the Dark Web. 

      Safeguard your Social Security Number (SSN)

      Your SSN is the “master key” to your identity. In August 2024, news agencies reported that 272 million Social Security numbers were stolen and leaked on the Dark Web by the hacker group USDoD [*]. If your SSN was involved in a leak like this, you could be at serious risk of identity theft.

      An identity theft protection service can monitor your SSN for fraudulent uses or learn if it’s been leaked. However, you can also take steps to proactively protect your SSN:

      1. Create a my Social Security account to prevent scammers from opening one in your name. 
      2. Request to "Block Electronic Access" to your Social Security records by calling the Social Security Administration (SSA) toll-free National Hotline: 1-800-772-1213.
      3. If your Social Security card is lost or stolen, contact your local SSA office to request a replacement [*].

      💡 Related: My Social Security Number Was Found on the Dark Web. Help!

      Lock your SIM to prevent port-out scams

      If your phone number is exposed on the Dark Web, a scammer could contact the provider and convince them to transfer your number to a new SIM — in the scammer’s possession. You can set a SIM code in your security settings to stop this type of attack and protect against hackers trying to access your data and linked accounts on your smartphone.

      Here’s how to lock your SIM on your mobile device:

      Note: If you unlock your phone by using your fingerprint or Face ID, this doesn’t mean your SIM is automatically protected. You only input your SIM security code when powering on the device – not every time it wakes from sleep mode.

      Reach out to government agencies for specific assistance

      If you believe someone has gained access to or is abusing your personal information, contact the relevant authorities to get support — and contact any impacted companies to report your identity theft.

      Type of crime
      Agency/Organization to contact
      What to do
      Identity Theft
      Federal Trade Commission (FTC)
      File an official identity theft report at IdentityTheft.gov. You’ll also receive a personal recovery plan.
      Tax Identity Theft
      Internal Revenue Service (IRS)
      If you suspect tax-related identity theft, contact the IRS at 1-800-908-4490 and follow their guidance. You may need an IRS IP PIN to file your tax returns securely [*].
      Criminal Identity Theft
      Local police
      File a police report with your local law enforcement and the precinct where the crime was committed.

      Sign up for identity theft protection

      Dedicated identity theft protection services monitor your credit reports, bank accounts, SSNs and other sensitive information, and alert you to potential fraud. 

      For example, Aura monitors over 130 unique pieces of personal information on the Dark Web and alerts you in near real-time if anything is found. If the worst should happen, you’ll also get access to 24/7 U.S.-based fraud remediation specialists and up to $5 million in identity theft insurance to cover eligible losses and expenses incurred during the recovery process.

      💪 Shut down cybercrime with Aura. Sign up for a free 14-day Aura trial and get instant access to data breach notifications, Dark Web monitoring, three-bureau credit monitoring, 24/7 support, and more.

      How To Keep Your Personal Information Off of the Dark Web

      Removing sensitive personal info from the Dark Web is just about impossible. Therefore, it’s better to minimize your digital footprint as much as possible to make yourself a less vulnerable target. 

      • Limit the information you share with companies. Anything you share publicly online or even privately with a company can be leaked. Be sure you know whom you’re trusting with your sensitive data.
      • Remove personal information from public sources. Make social media accounts private and search for and remove personal information from the internet. You can also request that Google hide your sensitive data from search results
      • Be careful about signing up for services. Check reviews of new services and apps for privacy complaints or sketchy data sharing policies. Also, only download apps from the Google Play Store and the App Store rather than from unknown third-party websites.
      • Submit data removal requests to data brokers. Also known as people search sites, data brokers collect and sell your personal information to marketers (and anyone else). You can manually request removal from their databases — but there are hundreds of data brokers in the United States alone. Aura can automatically send removal requests on your behalf. 
      • Browse with a virtual private network (VPN). Scammers and website owners can track your activity online and use it to target you with ads and scams. A VPN hides your IP address and encrypts your data while you’re online so that you can browse safely and anonymously. A VPN is especially useful when using public Wi-Fi networks that can be more easily compromised. 
      • Learn how to spot scams. Cybercriminals are always devising new ways to scam people. You can protect yourself and your family by learning about the latest online scams.
      Stay safe from scammers and online threats. Try Aura free for 14 days.

      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

      Is this article helpful so far?
      Yes
      No
      Skip
      Need an action plan?

      No items found.
      Is your child ready for a cell phone? Take this quiz to find out.
      Start Quiz

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of a piece of ID with a shield and checkmark in place of a photograph
      Identity Theft

      Is Identity Theft Protection Worth It in 2024? Only in These Cases

      Identity theft protection services aren’t right for everyone. But if you’re a prior victim or have family members to protect, it could make sense for you.

      Read More
      August 28, 2024
      I gave my Social Security number to a scammer - illustration
      Fraud

      Did You Give Your SSN To Scammers? Do This Now

      Scammers can use your Social Security number to steal your identity — or worse. Here’s what you need to do if you accidentally gave your SSN to scammers.

      Read More
      August 11, 2023

      Try Aura—14 Days Free

      Start your free trial today**