What to do if your information is found on the dark web

How to keep yourself safe in the hyperbolic world of credit alerts and potential dangers, specifically surrounding the dark web.

I got a concerning email the other day. It was from a credit monitoring service that I signed up for a while back (through Chase, if you’re curious).

It said something like, “Your personal information was found on the dark web.”

Yikes! Way to make my morning tea go cold.

What was it, how did it happen, and how bad is it?

Dark matters

We have an unfortunate tendency in our society to associate “dark” with bad. (Sorry, Dr. Kendi; I promise we’re working on this.)

Not always. As someone who studied physics in college, dark matter isn’t sinister at all. it’s just a type of matter that we can’t see, and that doesn’t interact with light or electromagnetism.

But the word “web” sounds natively a little questionable, and when you add in “dark”, you get something that sounds, for better or worse, kind of spooky.

What is the dark web?

But what actually is this “dark web”? Is it just websites that have “night mode” turned on? Pages with unseemly content on them? What should we be afraid of?

Actually, the dark web just refers to websites that are not accessible through standard search engines or browsers. You can’t use a normal browser and type in the address of a “dark web” website and get there.

Instead, to access these sites, you need to use special software called Tor, which can open your browser up to these specific websites.

Are all dark web sites bad?

Certainly not. Like all anonymizing areas on the internet, some places are used to evade detection for safety or privacy reasons.

Also, I’ve just learned while researching this post that there is (or at least, was) a chess club that meets on the dark web. I just love that.

But let’s be honest, whenever there’s anonymity and privacy, the worst of people can come out. So there are definitely dark web sites that allow for illegal, illicit, and just very, very bad activities.

All that said, to call the “dark web” all bad seems a little dramatic to me, which is why I find the hysteria over the phrase “dark web” a little overblown.

My info was found there

Now, to the email I received, saying my info was “found on the dark web”. What did that mean? Was I party to illicit activities? Will the Feds beat down my door? Am I a criminal now?

I logged in to my monitoring service to see what had been found. And it turns out that an email and password had been discovered lurking in the dark reaches of the dark web, presumably from one of the many breaches that have been perpetrated over the years.

The email was my personal email address, which I use for all of my public communications. It’s not exactly a secret.

The password was interesting though. It only showed me the last three characters of the password, but it was a type that was unfamiliar to me. It’s certainly possible that I had created a password with those three characters, but I couldn’t recall where, and if I had, it had been years, if not over a decade. Certainly nothing that had important (or financial) ties to it.

What should you do?

The answer to what you should do if you find out that your personal information was found on the dark web depends on what information is found.

  • If you found a credit card number, you should probably contact your bank and tell them to throw that one out and get a new card number.
  • If you found a password that is one that you recognize, or if the associated website is known to you, then you should immediately change your password there. And while you’re at it, change it everywhere you’ve used that specific password (not judging, just saying).
  • And as always, whenever anything is at risk for affecting your credit history, you should check all three of your credit reports. (I made tutorials on how to check each of Equifax, Experian, and TransUnion.) If you find something that looks suspicious, report/dispute it as being incorrect.
  • You may also want to freeze your credit, if you haven’t already. No one can take out new lines of credit in your name when your credit is frozen.

Don’t be afraid of the dark (web)

As you can see by the above list, there’s nothing crazy that you need to do when your information is found on the dark web. It’s just basic online security best practices.

Breaches happen. Your information is probably out there. (Check the site Have I Been Pwned to see what I mean.) You can try to minimize the chances of these attacks, but it’s not all up to you. The best thing you can do is to keep an eye on your credit reports, change your passwords and make them more secure, and report any suspicious activity. Aside from that, no need to worry.

Comments are closed.