Skip to main content
(opens in new tab)

Is your SSN on sale right now on the dark web? Here is how to find out securely

How to safely search the dark web for your SSN, and what to do if you find it.

darkweb
(Image: © Archive)

The dark web is the part of the internet that isn’t indexed and can’t be found using search engines. While there are legitimate uses for it, this part of the internet is also home to black markets selling personal information. On the dark web, SSNs (social security numbers) can be bought or sold for a couple of dollars. These may have been leaked through data breaches at a company you use, or more directly, through malware being installed on one of your devices.  

Worryingly, criminals can use your SSN to take out loans and credit cards, open bank and phone accounts, obtain a driver's license, and even use your medical insurance in your name. In this article, we explain how you can check securely whether your personal details have been leaked.

Step 1: Use a dark web scanning tool

Some credit monitoring services, such as Experian (opens in new tab) and Capital One (opens in new tab), have dark web scanning tools which explicitly search for your SSN. 

There are also VPNs and password managers that monitor the dark web for data breaches that may affect you. These tools usually scan using your provided email address and search for any leaked personal information connected to that email address, which may include your SSN. 

If you’re using both direct and indirect searches and separate companies with different approaches, and a positive result isn’t found, you can be more confident that your SSN is safe.

(opens in new tab)

Perimeter 81 is one of TechRadar's choices for the best SWG providers (opens in new tab)

Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81. Deploy in minutes. Start now.

Step 2: Check for breached accounts

If you’ve used your SSN when signing up for an account, and that account becomes compromised, potentially so does your SSN. The same problem arises when storing identification documents. If you store personal information on a cloud service such as Dropbox (opens in new tab), a data breach could allow others to access that information. 

Have I Been Pwned (opens in new tab) allows you to check whether your email address or telephone number have been discovered in a breach. Even if your SSN hasn’t been directly leaked, if someone has access to enough of your data, identity theft is a risk. For example, someone with access to your email account may be able to use that to log into a website that holds a record of your SSN.

Screenshot from Have I Been Pwned showing the data breach notification page

Check for data breaches by entering your email address on (Image credit: Have I Been Pwned)

Step 3: Set up news alerts

Have I Been Pwned has a notification feature to alert you if your details are found in a new breach and can even check whether you’re using a compromised password. Google News alerts can also be set up to inform you of breaches involving businesses you use, like your bank or ISP. 

However, Google Alerts (opens in new tab) itself can be manipulated by cybercriminals as part of a phishing attempt to encourage you to visit malicious sites. If you see a notification, check directly with the breached source or by using a reputable website. You can mitigate some of this risk by filtering your Google Alerts for news sites and by configuring it to display only the best results.

A screenshot of the Google Alerts setup searching for ‘data breach social security numbers

You can use Google Alerts to notify you of data breaches (Image credit: Google)

Step 4: Manually check known breaches

There are limits to the abilities of automated tools—if you use a less popular service, or your data has been leaked recently, it might not be in the scanner's database at the time of scanning. But you can often perform manual checks.

Compromised websites should actively reach out via email to inform you of a breach. Some services, such as Equifax (opens in new tab), which leaked over 140 million SSNs (opens in new tab) onto the internet, have a dedicated tool (opens in new tab) you can use to see if you have been affected.

What to do if you find your SSN on the dark web

Even if your SSN is on the dark web, it doesn’t mean those details are being used. However, if you find they are, you should report it as fraud to the Social Security Administration (opens in new tab).

There are some other steps you can take to protect yourself:

  • Freeze your credit—prevent anyone from taking out a credit card or applying for a loan in your name.
  • Get a credit report—annualcreditreport.com (opens in new tab) provides a free service. Check for accounts and charges you don’t recognize.
  • Create a mySocialSecurity (opens in new tab) account—check whether anyone has used your SSN to apply for benefits in your name.
  • Monitor your credit cards—look for purchases that you don’t recognize.

If you’re still concerned, try one of these identity theft protection (opens in new tab) services, which provide both credit and dark web monitoring, as well as identity theft insurance.

Summary

It can be worrying to find your SSN available for sale. Unfortunately, once your personal information is on the dark web, it’s nearly impossible to get it removed. 

However, using security software can reduce the chance of your data being compromised in the first place. Consider using a VPN (opens in new tab) for safer browsing of the web. If you need to keep your social security number accessible or store digital copies of other personal identification, then a password manager (opens in new tab) will help you keep these secure. 

By monitoring the dark web and data breaches, you can understand which accounts and what personal information may be compromised—and change the relevant passwords. And by freezing your credit card and tracking your outgoings, you can mitigate financial risks. So, even if you do find your SSN is on the dark web, there are steps you can take to minimize the potential damage.

Daniel is a freelance copywriter with over six years experience writing for publications such as TechRadar, Tom’s Guide, and Hosting Review. He specializes in B2B and B2C tech and finance, with a particular focus on VoIP, website building, web hosting, and other related fields.