If your private information lands on the dark web, it’s normal to be worried. But just because your data made it there, doesn’t mean you necessarily are—or will be—a victim of identity theft. Still, knowing it’s out there gives you the opportunity to take preventative measures to reduce your risk, like changing your passwords, canceling compromised cards, and keeping a close eye on your credit for signs of fraud.
Getting notified that your credit card or email address was spotted on the dark web can be unsettling. It can leave you feeling vulnerable or exposed—and that's normal.
But there’s good news: even if some of your personal information lands on the dark web, you’re not automatically a victim of identity theft. Still, awareness gives you a head start.
First things first: what is the dark web?
The dark web, or “darknet,” is a section of the internet that allows users to operate with complete anonymity. It’s not accessible through normal web browsers or search engines; rather, it’s only accessible via special software, configurations, or authorizations.
Because it offers this cloak of anonymity, the dark web is used by a host of bad actors—including identity thieves, hackers, drug dealers, traffickers, and terrorists—and can be a conduit for criminal activity.
But the dark web serves legitimate purposes as well. In fact, organizations like the CIA (Central Intelligence Agency), journalists, and whistleblowers rely on it as well to communicate securely with sources or informants.
How your information can end up on the dark web
In many cases, your personal information ends up on the dark web after a data breach or phishing scam. This can happen when a company you’ve shared information with is compromised (think: if you have your email or payment information stored on a shopping site), or when you’re tricked into sharing details through a message or website that looks legitimate.
Your information can also be exposed if you reuse passwords across multiple accounts. If one account is involved in a breach, the same login details may be used to access other accounts tied to you.
Because the dark web isn’t searchable like the rest of the internet, a dark web monitoring service—like the one we provide in select Allstate Identity Protection plans—can help alert you if your personal information appears there.
Our monitoring uses a combination of artificial intelligence and human analysis to scan areas of the dark web where stolen data is commonly shared. If we find a match connected to you, we’ll let you know so you can take action.
What to do if your information is found on the dark web
If you receive a dark web alert, first take a breath. An alert does not mean someone has accessed your accounts or stolen your identity.
It means your information was found in data being shared online, and some types of information carry more risk than others. The steps below can help you respond appropriately and reduce your chances of future fraud:
If your email address is found on the dark web…
Change your password for that email account.
Identify all online accounts that use that email address as a username.
Change your username and password for those accounts as well.
If your username is found on the dark web…
Identify which accounts are associated with the affected username.
Change the password (and username, if you are able) for the compromised account, and enable additional security measures such as two-factor authentication.
If you use that username on other websites, change the password and username for those accounts as well.
If your debit or credit card number is found on the dark web…
Contact your bank or credit card provider and request a new card.
Review your account statements for fraudulent activity and notify the financial institution if you find any.
Make it a habit to review your account statements regularly. If you do not catch fraudulent transactions within the same billing cycle, your bank or merchant is less likely to reverse or refund the transaction.
If your Social Security number is found on the dark web…
Monitor your credit report for unauthorized activity.
If you notice anything suspicious on your credit report, report it to the credit bureaus right away.
Additionally, alert the Social Security Administration and Internal Revenue Service that your Social Security number may have been stolen.
If your driver's license is found on the dark web…
Review your credit report, as driver's license numbers can be used to open credit accounts.
If you notice anything suspicious on your credit report, report it to the credit bureaus right away.
Notify your local Department of Motor Vehicles if signs of identity theft arise.
If your IP address is found on the dark web…
Locate all devices used on that network (desktop computers, laptops, personal or work computers, mobile phones, etc.).
Using a computer with a non-exposed IP address, change the passwords for all websites and apps on that network.
How to keep your data off the dark web
Unfortunately, there’s not a surefire way to keep your information completely safe, as events like data breaches are outside of your control.
However, the smaller your digital footprint is (meaning, the fewer websites that you share your data with), the lower your odds of being a victim of a data breach.
Additionally, make a point to stay in the know on the latest phishing and social engineering scams, keep your devices up to date with software updates, and practice good password hygiene to keep your personal information as secure as possible and off the dark web.