The dark web is a hidden layer of the internet that requires specific software to access and is not accessible by search engines. The dark web is popular with cybercriminals because they can remain anonymous and untraceable. Cybercriminals that hack into accounts and steal personal information often wait months or even years to use it. They can meet other cybercriminals anonymously on hidden dark web sites or private forums to sell personal information that can be used to commit identity theft or other crimes.
The surface web comprises of websites that are indexed (or catalogued) by search engines.
The dark web is a hidden layer of the internet that is not accessible or indexed by search engines, and requires specific software for access. This area is popular with criminals because they can remain anonymous and untraceable as they communicate. The dark web is a huge marketplace where hackers and thieves exchange information, goods and services; information exposed from data breaches, hacking incidents, or leaked information can be bought and sold on the dark web as "lists" by identity thieves. Information traded on the dark web may be old or could even re-appear several months, or years following exposure of your personal information. The dark web forms a small part of the deep web.
How does one access the dark web?
The dark web is accessible only if you download a special open-source browser software. Such software typically uses encryption technology to help users maintain their anonymity online. It does this, in part, by routing connections through servers around the world, making them much harder to track.
You do not need to be on the dark web for your information to end up there. Information stolen or exposed in data breaches or hacking incidents, or leaked information can be bought and sold on the dark web as "lists" by identity thieves. This information may be old or could even re-appear several months, or years following exposure of the information.
"Exposed" information does not necessarily mean that your account(s) have been hacked. You can be proactive and take several actions to help protect yourself. Change your password for the site/service mentioned in the notification. In addition, if you use the same password for numerous online accounts, make sure you change these passwords as well. Enable two-factor authentication whenever offered by a site or service. Read
About Dark Web Monitoring for a full list of helpful tips and guidance.
What is a data breach and how do I handle one?
A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations, and takes time to repair.
In most cases, cybercriminals don't just hold on to the information they access, but they may find ways to exploit it for personal gain. So, it is important to take steps and protect your personal information.
Even though you may have unsubscribed from a website or may have deactivated your account, your data may still be present in their data systems and could be exposed during a data breach, a hacking incident, or another type of data leak.
You have received this notification as the information belonging to you is available on the dark web and may be bought or used by hackers to commit identity crimes. Here are some reasons why your information may have been found on the dark web.
- Website breaches
This could be because a website in which you entered your information to sign up or for using any of the services associated with the website may have suffered a breach incident. It may be difficult for you to remember, or you simply may not know other services that are associated with the website.
Even though you may have stopped using the website, or deactivated the account, or unsubscribed, the information could still be available in their systems.
- Leaked usernames and passwords (known as Combo List)
In some cases, usernames/email addresses and password pairs are uploaded as a text file (known as Combo List) onto the dark web. This file is machine-readable and can be used as an input to tools that will automate authentication requests to a website or an application programming interface (API).
You will receive a notification if your information is found in the Combo List. Due to security purposes, you will only see the password partially. Note that the password may not be your most recent, but one you have used in the past. You need to verify that the email address associated with this password belongs to you before we partially unmask and display the password.
- Exposure of your personal information from an unconfirmed source
Your personal information gets exposed by an unconfirmed source on the dark web. Unfortunately, we don't have the complete details on the breach hence could not provide you with the name or source of the exposure. However, we will specify the category of the exposed information so that you change and strengthen your online logins and passwords.
Note that our services and support agents do not have any additional information about this exposure, nor do they know if your exposed personal information is being used in any suspicious manner.
We're constantly scanning for your personal information on the dark web and will continue to notify you if we find anything. In the meantime, we advise you to be prudent with your personal information going forward.