How to Know If Anyone Sold Your Data on The Dark Web


It seems like almost every day there is another major data breach. In 2019, over 100 million Capital One customers were affected by a data breach. In 2017, the Equifax hack exposed 147 million Americans’ personal details.


In 2020, there have been hacks on Microsoft, Estee Lauder, T-Mobile, Marriott, and many more. Unfortunately, that means it’s not a matter of if, but when your personally identifiable information (PII) will be leaked—if it hasn’t been already.


1. Do A Quick Check

The first thing you’ll want to do is quickly check whether your details associated with your email have been hacked before. To do so, you can use sites like HaveIBeenPwned, which tracks data breaches. Go there and type in your email and see what happens.


If you’ve used your email address for 5+ years, it’s likely your data has been breached once, if not several times.


It’s important to know what these results mean, however. Just because your email address was exposed, that doesn’t mean your data has necessarily been sold on the dark web.


The average person has 90 online accounts. So, it could have been somewhere completely benign like a weekly newsletter, or it could have been more serious. You’ll have to do a little more digging.


2. Dig a Little Deeper

There are a variety of services that provide dark web monitoring. The dark web is the mysterious place we hear about where people’s identities and illicit items are stolen online.

Do note, the dark web isn’t actually illegal.


But you won’t be able to use an ordinary browser to get there. You’ll need something like Tor—and depending on where you live using, that may be illegal.


Rather than you visiting all the dark web sites—and there about 600,000 of them at any given time—monitoring services will scan the dark web for you.


There are pros and cons to this. Generally, you will have to pay to use these services, though it isn’t much and often comes bundled with other security solutions. However, even with a dark web monitor, there’s no guarantee your data hasn’t been sold on the dark web.


That’s because much of the exposed information from data breaches aren’t available openly on the dark web. Instead, it is packaged and encrypted into one file that dark web users can either purchase or bid on.


That means there’s no way of knowing whether your data is on the dark web.


3. Prepare For the Worst-Case Scenario

The only real sensible option is to assume your data has been sold on the dark web. Take a deep breath. It’s not so bad. There are ways you can buffer against these types of threats of data loss.


The first thing you’ll want to do is keep a proactive eye on your credit score. Pay attention to anything that looks fishy and report it immediately. This is a sign that somebody likely got a hold of your social security number.


The same also goes for all your credit and banking accounts. The vast majority of banks are threat protection services. They’ll not only keep an eye out for suspicious activity but usually will compensate you for any fraudulent charges associated with your account.


Finally, improve your cybersecurity as a whole. While it’s best to prepare for the worst-case scenario, that doesn’t mean your identity has already been stolen. Or that it has to happen again.


This begins by using a VPN service anytime you connect to the internet. VPNs both anonymize and encrypt your online activity. VPN services make it extremely difficult for hackers, or anybody else for that matter, to monitor what you do. You should especially use a VPN anytime you use a financial service or other places where you exchange sensitive information such as online shopping or paying bills.


While you’re at it, invest in account security. Nowadays, most websites offer two-factor authentication for site logins. Use this everywhere as it not only provides another line of defense but also creates notifications anytime somebody attempts to access one of your accounts.


You can indeed expect email addresses to get often leaked on sites, but you can minimize the damage that occurs by using a password manager to create, manage, and store unique and complex passwords.


That means if a fraudster manages to access one of your accounts, the other ones won’t be at risk. You can also use password managers to store payment details and address details as well securely.


Has your data been sold on the dark web? For your safety, it’s best to assume yes. But follow these tips and strategies, and you’ll not only minimize the damage hackers can do to you but significantly reduce your risk exposure. In these days of data uncertainty, that’s a huge victory.