How to Check the Dark Web for Your Personal Information

Boost IT | What To Do If Your Email Has Been Exposed on the Dark Web

So I got a message from a client yesterday asking how to check the dark web for your personal information. This all started because they had gotten an e-mail from their bank that looked like this.

“Heads up: CreditWise found your personal information somewhere on the dark web.”

Needless to say they were freaked out. And turns out this was a legitimate e-mail.  

What is the Dark Web?

The Dark Web is a collection of websites that exist on an encrypted network but can’t be found by using traditional search engines or visited by using traditional browsers. Almost all sites on the Dark Web hide their identity using the Tor encryption tool.

How do I check the Dark Web?

So you’d like to know how to check the dark web for your personal information, and is that even safe?

First, it’s safe. If you have an e-mail address I can assure you that it’s in multiple places on the internet already.

Secondly, you’re not putting in a password or creating an account to run the check.

The website to use to run the check is https://haveibeenpwned.com. I’ve tested it myself and it shows your results immediately. 

What should I do next?

First, reset the password for your e-mail account, and any other online accounts where you use your e-mail address to log in. 

Second, when you create new passwords you should create strong passwords, and check your bank and credit card accounts for fraudulent activity. You should never share passwords with anyone or leave passwords in a desk drawer or on a sticky note. There are security cameras everywhere these days, so they may be able to read your notes or even watch you type in your username and password. 

Third, enable Two-factor authentication (2FA) on your e-mail account and any other account with financial or personal information. Two-factor authentication is an extra layer of security designed so that you’re the only person who can access your account, even if someone knows your password. With two-factor authentication, your account can only be accessed on devices you trust. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on one of your trusted devices, like your phone. By entering the code, you’re verifying that you trust the new device. 

Finally, you should ask any vendors or companies and their associated contractors that you partner with or that work for you if they have endpoint protection on all their computers and have a UTM managed firewall in place. Those groups are storing your data, too.

Contact us if you have more security questions.

Do you wonder if your business could be more productive or better secured? Take a 2 minute IT Self-Assessment.

Interested in a full IT Assessment where you get real-time reports showing your IT & security strengths, weaknesses and opportunities? Here’s our IT Assessment Checklist.