This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

My Social Security Number Was Found on the Dark Web. Help!

Hackers sell stolen SSNs on the Dark Web for as little as $2. Here’s what to do if your Social Security number was found on the Dark Web.

Illustration showing a flash light shining on an SSN card

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.7 stars as of March 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      Did You Get an Alert That Your SSN Is on the Dark Web?

      Allison Fanney was fresh out of grad school when she was hit with an unexpected IRS bill for $14,900 in unpaid taxes, penalties, and interest. 

      Confused and scared, she started investigating. Eventually, Allison discovered that someone had used her Social Security number (SSN) to file a fraudulent tax return – a crime that took nearly eight months for Allison to resolve [*].

      According to many cybersecurity experts, it’s safe to assume that almost every American’s SSN has been compromised at least once [*] — with the majority of them turning up for sale on the Dark Web.

      Using your SSN, scammers can easily open new accounts, claim Social Security benefits in your name, or steal your identity.

      In this article, we’ll explain how your information ends up on the Dark Web, how to know if your SSN has been compromised, and what you can do to protect yourself online.


      What Does It Mean If Your Information Is on the Dark Web?

      The Dark Web is a small part of the web that isn’t indexed, meaning that it can’t be accessed by normal search engines. Instead, it can only be accessed with special browsers like Tor. 

      Because of its anonymity, the Dark Web is commonly used by hackers and scammers to trade and sell personally identifiable information (PII) — such as SSNs or login credentials — acquired through cybercrime. 

      For example, last year, hackers breached T-Mobile's databases and stole sensitive information on more than 47 million customers [*]. The stolen data included names, SSNs, and driver’s licenses — more than enough for scammers to commit identity theft, fraud, and further scams.

      Other recent data breaches have affected millions of Americans who use services like Facebook, Capital One, and American Airlines [*].

      With your information in hand, criminals can:

      • Use leaked passwords to break into your online accounts (social media, email, banking).
      • Use your stolen Social Security number to apply for benefits in your name, take out loans in your name, file fraudulent tax returns, and obtain illegal employment in your name. 
      • Use stolen financial information to open accounts or request new credit cards for which you will be responsible.
      • Use leaked personal information (address, phone number, credit card numbers) to target you with sophisticated phishing and social engineering attacks.

      📚 Related: Deep Web vs. Dark Web — What You Need To Know

      Can You Remove Your SSN (and Other Info) From The Dark Web?

      Unfortunately, it’s virtually impossible to remove your SSN or other information from the Dark Web once it’s been put up for sale. 

      Stolen data is stored on unregulated marketplaces, out of the reach of authorities. Even if the data is taken down from one site, cybercriminals can simply re-upload it elsewhere. Therefore, you need to be proactive about knowing what information has been compromised and then secure your digital identity from scammers. 

      Here’s What To Do If Your SSN Was Found on the Dark Web

      1. Do a full Dark Web scan
      2. Freeze or lock your credit
      3. Update passwords, enable 2FA
      4. Check your credit report, bank statements
      5. Sign up for myE-verify and “self-lock” your SSN
      6. Report the fraud to authorities
      7. Sign up for identity theft protection

      If your SSN was found on the Dark Web, you need to act quickly to mitigate the potential danger. Here’s what you should do:

      1. Do a full Dark Web scan to see what information hackers have

      A Dark Web scanner searches the depths of the internet for your personal information. Scanners can tell you whether your credit card details, SSN, or passwords have been leaked or stolen. 

      Here are three powerful (and free) Dark Web scanners you can use right now:

      Unfortunately, free Dark Web scanners are often limited in what they can find (and don’t constantly monitor the Dark Web for your information). 

      Instead, a Dark Web monitoring service like Aura periodically scans Dark Web forums and websites for your personal information and then sends you notifications whenever anything suspicious is detected.

      You can sign up for a free 14-day trial of Aura and start monitoring the Dark Web for your sensitive information right now.  

      How to scan the Dark Web for your personal data
      • Enter your main (and any other commonly used) email addresses in Aura’s free Dark Web scanner. You can cross-reference with other scanners such as Identity Guard’s Dark Web scanner and HaveIBeenPwned.
      • Make a list of all compromised accounts and pieces of personally identifiable information (PII). 
      • Sign up for a Dark Web monitoring service to automatically be alerted if any of your information is found online. 

      📚 Related: How To Find Out If Your Information Is on the Dark Web

      2. Freeze or lock your credit immediately

      Freezing or locking your credit accounts helps ensure that hackers cannot open accounts in your name — even if they have all of your credentials. 

      Credit locks are instantaneous, but require enrollment in a paid program with one of the three major credit bureaus — Equifax, Experian, or TransUnion. (You can instantly lock your Experian credit file with one click using Aura’s mobile or web app, which is included with every Aura plan.)

      You can also request a credit freeze from any of the major bureaus, but it may take up to 24 hours to take effect — a risk that you may not want to take. A freeze doesn’t affect your credit score, but it will block all legitimate credit applications (in addition to fraudulent ones) unless you turn it off.

      How to lock or freeze your credit
      • Individually contact Equifax, Experian, and TransUnion and request a credit freeze from each. You will need to provide your name, date of birth, address history, and SSN.
      • Sign up for one of the credit lock programs, including Equifax Lock & Alert, TransUnion TrueIdentity, or Experian CreditLock to lock your credit. 
      • Sign up for Aura and get fraud alerts when suspicious new inquiries to your credit file occur. Lock and unlock your credit file immediately using the Aura mobile app and biometric identification. 
      Take action: Aura can alert you in near real-time if someone has gained access to your information and is trying to steal your money or identity. Try Aura free for 14 days →

      3. Update all compromised passwords and enable 2FA

      Your passwords are the first line of defense against cybercriminals — and the last line, too, without two-factor authentication (2FA). To protect yourself, you need to make sure your passphrases are as impenetrable as possible. 

      Here’s what to do
      • Update all of your accounts. If a password or your personal information is circulating on the Dark Web, you need to act fast to secure your accounts. The first step is to change all of your compromised passwords immediately. 
      • Use complex, long, and unique passwords. Your passwords should be between 12 and 15 characters long and include a combination of numbers, letters, and symbols. Each password should be unique so that in the case of a data breach, only one account is compromised. Avoid easy-to-guess phrases like your name or birthday. 
      • Use 2FA or multi-factor authentication (MFA). Even the strongest passwords can be leaked or stolen. Enabling 2FA or MFA provides another layer of protection that prevents criminals from accessing your accounts. 

      4. Check your credit report and bank statements

      If your SSN or other personal information has been discovered on the Dark Web, you need to monitor your finances to ensure your identity isn't stolen

      How to monitor your financial institutions
      • Request a free credit report from to check whether anyone has obtained unauthorized loans in your name.
      • Monitor your bank accounts for suspicious transactions. A credit monitoring service will monitor your bank, credit, and investment accounts 24/7 and alert you to any suspicious activity. 
      • Contact the fraud department of your bank or credit card company to restore ownership and security of your accounts.

      📚 Related: What To Do If Your Email is Found on the Dark Web  →

      5. Sign up for myE-verify and “self-lock” your SSN

      The Department of Homeland Security offers a self-lock feature known as E-Verify. This enables you to “lock” your SSN and block any electronic access attempts. 

      E-Verify is primarily used to prevent employment-related identity theft. By locking your SSN, you prevent criminals from using your identity to gain employment, commit insurance fraud, and further steal your identity.

      How to sign up for Self-Lock and freeze your SSN

      To sign up for E-Verify, create a myE-Verify account. Then, follow the instructions to prove your identity. Once your account is up and running, you can freeze your SSN by opening your dashboard, clicking on “Manage My SSN” and then “Lock My SSN.” 

      Set your challenge questions (so that you can unlock your SSN later), and click on “Lock My SSN” once more. 

      📚 Related: How To Check If Someone Is Using Your SSN

      6. Report the fraud to authorities

      If you’re a victim of fraud, it’s vital that you report the crime to the relevant agencies. By reporting fraud, you help to protect yourself and others from further damages. 

      It’s especially important to complete a fraud report if you are going to dispute fraudulent charges; otherwise, there’s no proof of your being a victim.

      Where to report the fraud

      There are three authorities to which you need to report the crime:

      • The Federal Trade Commission (FTC) at
      • The FBI’s Internet Crime Complaint Center (IC3)
      • Local law enforcement 

      7. Consider signing up for identity theft protection

      To avoid falling victim to scammers, hackers, and fraudsters, you need proactive protection. An all-in-one digital security solution like Aura can monitor your accounts, alert you of suspicious activity, and help protect you against cyberattacks.

      With Aura, you get:
      • Dark Web monitoring and identity theft protection. Get alerted if your SSN has been found on the Dark Web. Identity theft protection monitors your PII, credit cards, home title, bank and investment accounts, IDs, and more. 
      • Financial Fraud and Credit Protection. Aura offers three-bureau credit monitoring and the ability to lock your Experian credit file with one click. Aura sends alerts up to 4x faster than competitors. 
      • Instantaneous credit lock. If you discover that your SSN is circulating on the Dark Web, immediately lock your Experian credit file from either the mobile or web app to prevent further damage. 
      • Identity theft insurance coverage. With Aura, every adult member on your plan receives $1 million in identity theft coverage and 24/7 access to a team of U.S.-based White Glove fraud recovery specialists.
      Take action: Secure your identity and finances from scammers. Sign up for a free 14-day trial of Aura and start protecting your bank, credit, and online accounts, as well as other sensitive information.

      How To Tell If Scammers Are Using Your SSN

      There are several warning signs that indicate scammers are using your SSN illegally. To make sure you’re safe, investigate the following:

      • Check your mySocialSecurity account. Sign in to your account with the Social Security Administration (SSA), and check your Social Security Statement to ensure that all of your information remains correct. If your earnings or any information is incorrect, it’s a sign that scammers are using your SSN. 
      • Monitor your credit for suspicious activity. Download a free annual credit report. Check for suspicious charges and accounts that you didn’t authorize. You can also sign up for a credit monitoring service to keep an eye on your accounts in near real-time. 
      • Check your tax accounts. Sign in to your IRS account to view a breakdown of your tax records by year. If the amount of taxes that you owe seems off, if someone else has submitted a tax return in your name, or there are authorization requests that you didn’t approve, contact the IRS immediately. 
      • Scan the Dark Web. Use a Dark Web scanner to find out if your SSN is for sale. If you discover that it’s on the Dark Web, chances are someone is using it (or is planning to), and you need to act fast to secure your accounts. 
      • Check if someone has taken out benefits in your name. As identity thieves will use your SSN to try and claim benefits in your name, you should keep an eye out for signs of these scams and check with your benefits providers if you’re concerned. 

      📚 Related: 14 Hidden Dangers of Identity Theft That Can Ruin Your Life

      Should You Change Your SSN if It Was Stolen?

      Unfortunately, there are only specific situations in which you can change your SSN. Even if you’ve had your SSN stolen, it doesn’t mean you can get a new one. 

      Furthermore, changing your SSN can cause problems with your earnings history and credit report, making it more difficult to apply for legal documents, passports, and loans. 

      In most cases, you’re better off dealing with the fallout of SSN theft than trying to get a new SSN.

      How To Keep Your Sensitive Information Off The Dark Web

      Since it’s almost impossible to remove data once it’s been leaked to the Dark Web, prevention is the best way to protect yourself. Take these critical steps to ensure that you keep your personal information private:

      • Use a password manager to secure your online accounts. Make sure you’re using unique passwords for all of your accounts so that if one account is breached, you’re not giving hackers access to everything else. 
      • Be selective about to whom you give your SSN and other sensitive information. When in doubt, do not include it on an application form. 
      • Reduce your digital footprint by sharing less personal information online and in your social media profiles.
      • Safeguard your online life with an all-in-one digital security provider like Aura that includes antivirus software, a password manager, virtual private network (VPN), credit monitoring, and more.

      Scammers will do everything in their power to gain access to your accounts, and your Social Security number is one of their favorite targets.

      Sign up for Aura and be alerted in near real-time if someone uses your SSN or if any unauthorized activity is detected on your financial accounts.

      Secure your digital life. Try Aura free for 14 days
      Need an action plan?

      No items found.

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of a credit card protected inside of a glass case
      Credit & Finance

      How To Prevent Credit Card Fraud: 10 Essential Steps

      Criminals use your physical card or stolen credit card numbers to make purchases in your name or impersonate you — here's how you can stop them.

      Read More
      June 23, 2023
      Illustration of a deep sea diver shining a light on a warning symbol
      Internet Security

      Did You Get a Dark Web Alert? How To Secure Your Accounts

      If your PII surfaces on a cybercrime forum or website, there are ways for you to receive early notifications. This is where Dark Web alerts come in.

      Read More
      April 24, 2023

      Try Aura—14 Days Free

      Start your free trial today**