We hear a lot of talk today about the “Dark Web”. Stories abound about the nefarious goings-on and the sinister entities behind them.

But what is the dark web, exactly? Who uses it? How does it affect you? And is it all bad?

What Is The Dark Web?

The dark web is a hidden network of websites that you need special tools to access. You won’t find these sites by searching on Google. These sites are heavily encrypted and hosted on anonymous servers. They’re used by people looking for serious anonymity—sometimes for legitimate reasons, other times not so much.

To get to the sites, users leverage tools like TOR (short for “the Onion Router”). TOR was originally developed by the U.S. Navy and does have its legitimate uses. For example, political activists living in oppressive states use the encrypted web to share information, while reporters in conflict regions often use the dark web to communicate with sources.

However, the anonymity provided by the dark web is often exploited by hackers and criminals who trade in illegal goods, services, and your stolen personal data.

The dark web has become a rich marketplace for trading in email addresses, bank account and credit card information, Social Insurance Numbers, and passport details, among other things. Having this personal information on the dark web can expose you and your company to possible identity theft and fraud.

How Your Personal Information Ends Up On The Dark Web

Generally, your personal information ends up on the dark web through data breaches. And those breaches are becoming more and more common, affecting billions of people.

The July 2019 Capital One data breach revealed the personal information of some 100 million Americans and 6 million Canadians. And that doesn’t even put it in the Top 10 of similar breaches as measured by number of customer records affected.

Here are some other major data breaches you may remember:

  • Yahoo! (2013; 2014)
  • Number of Records Affected: 3 billion; 500 million

  • Marriott International (2018)
  • Number of Records Affected: 500 million

  • First American Financial (2019)
  • Number of Records Affected: 885 million

  • Facebook (2019)
  • Number of Records Affected: 540 million

Whether it’s your email address and password, or something even more sensitive (like your banking info or SIN number), your personal information could already be on the dark web and up for sale.

The next question is: how can you find out?

Man typing with two laptops set up in front of him.

How To Check The Dark Web For Your Information

Start with a Dark Web Scan

A dark web scan gathers data dumps from popular websites on the dark web. These data dumps are databases of personal information like usernames and passwords that have been gathered from compromised websites and released online. A “dark web scan” is a bit of a misnomer—the scan is actually of these lists of leaked personal information rather than a scan of the dark web itself.

The results of the dark web scan will let you know if your personal information—including usernames and passwords, email addresses, banking and credit information and Social Security or Social Insurance Numbers—is found on one of these lists.

However, even if the scan says you are fine, you might not be. With so many websites, no service can scan the entirety of the dark web. They’re only searching the leaks to which they have access—which could mean your data is vulnerable.

Check it with a Free Tool Yourself

Have I Been Pwned? is a free tool created by Troy Hunt that searches over 322 data dumps from websites to tell you whether your email address or password has been compromised on the dark web. You can also have it notify you when your email address appears in a new data dump.

This tool doesn’t scan for social security numbers in these data dumps but can be useful if you want to know if your credentials have been leaked.

As a free tool, it’s not quite as robust as the scan you get from a professional, but it can provide you with some of the information you need.

What To Do If Your Data Is On The Dark Web

Unfortunately, once your leaked personal information is out there, it’s impossible to get it removed, stop its sale, or prevent someone who buys it from using it.

Dark web scans can’t protect you, but they can alert you so you can take steps to avoid or reduce the damage of the fraudulent use of your personal information and address any problems that have already happened.

So, what if your personal information like email address, phone number or passwords is already on the dark web?

Here are some steps you can take depending on what information is out there:

  • Freeze your credit. A credit freeze is free to set up and remove and requires lenders to verify your identity before pulling your credit file or opening any new accounts in your name.
  • Close your financial accounts. If you find your credit card or bank account numbers on the dark web, let your card issuer and bank know so they can close any compromised accounts and open a new one.
  • Report compromised passport or driver’s license. If your driver’s license or passport is found, contact your provincial Ministry of Transportation, or Immigration, Refugees and Citizenship Canada (IRCC).
  • Report compromised SIN number. If your Social Insurance number is found on the dark web, report it to the Canada Revenue Agency. The CRA also recommends contacting Canada’s 2 major credit bureaus, Equifax Canada and TransUnion Canada, for a copy of your credit report and information about placing a fraud warning on your file. Similar to a credit freeze, this requires creditors to contact you before opening any new accounts in your name.
  • Update and secure your passwords. If any of your passwords are found on the dark web, change them on all of the accounts it is used. As an added precaution, update your security questions and answers and enable two-factor authentication on your accounts.

Awareness Is Your Best Line Of Defense

When your personal information ends up on the dark web, it’s there to stay. The best you can do is be aware that it’s there and take steps to notify the proper institutions in order to mitigate the damage it could cause.

If you’re interested in a dark web scan for you or your business, talk to our team of Nerds today.