The dark web is the part of the internet that isn’t indexed and can’t be found using search engines. While there are legitimate uses for it, this part of the internet is also home to black markets selling personal information. On the dark web, SSNs (social security numbers) can be bought or sold for a couple of dollars. These may have been leaked through data breaches at a company you use, or more directly, through malware being installed on one of your devices.
Worryingly, criminals can use your SSN to take out loans and credit cards, open bank and phone accounts, obtain a driver's license, and even use your medical insurance in your name. In this article, we explain how you can check securely whether your personal details have been leaked.
Step 1: Use a dark web scanning tool
Some credit monitoring services, such as Experian and Capital One, have dark web scanning tools which explicitly search for your SSN.
There are also VPNs and password managers that monitor the dark web for data breaches that may affect you. These tools usually scan using your provided email address and search for any leaked personal information connected to that email address, which may include your SSN.
If you’re using both direct and indirect searches and separate companies with different approaches, and a positive result isn’t found, you can be more confident that your SSN is safe.
Step 2: Check for breached accounts
If you’ve used your SSN when signing up for an account, and that account becomes compromised, potentially so does your SSN. The same problem arises when storing identification documents. If you store personal information on a cloud service such as Dropbox, a data breach could allow others to access that information.
Have I Been Pwned allows you to check whether your email address or telephone number have been discovered in a breach. Even if your SSN hasn’t been directly leaked, if someone has access to enough of your data, identity theft is a risk. For example, someone with access to your email account may be able to use that to log into a website that holds a record of your SSN.
Step 3: Set up news alerts
Have I Been Pwned has a notification feature to alert you if your details are found in a new breach and can even check whether you’re using a compromised password. Google News alerts can also be set up to inform you of breaches involving businesses you use, like your bank or ISP.
However, Google Alerts itself can be manipulated by cybercriminals as part of a phishing attempt to encourage you to visit malicious sites. If you see a notification, check directly with the breached source or by using a reputable website. You can mitigate some of this risk by filtering your Google Alerts for news sites and by configuring it to display only the best results.
Step 4: Manually check known breaches
There are limits to the abilities of automated tools—if you use a less popular service, or your data has been leaked recently, it might not be in the scanner's database at the time of scanning. But you can often perform manual checks.
Compromised websites should actively reach out via email to inform you of a breach. Some services, such as Equifax, which leaked over 140 million SSNs onto the internet, have a dedicated tool you can use to see if you have been affected.
What to do if you find your SSN on the dark web
Even if your SSN is on the dark web, it doesn’t mean those details are being used. However, if you find they are, you should report it as fraud to the Social Security Administration.
There are some other steps you can take to protect yourself:
- Freeze your credit—prevent anyone from taking out a credit card or applying for a loan in your name.
- Get a credit report—annualcreditreport.com provides a free service. Check for accounts and charges you don’t recognize.
- Create a mySocialSecurity account—check whether anyone has used your SSN to apply for benefits in your name.
- Monitor your credit cards—look for purchases that you don’t recognize.
If you’re still concerned, try one of these identity theft protection services, which provide both credit and dark web monitoring, as well as identity theft insurance.
Summary
It can be worrying to find your SSN available for sale. Unfortunately, once your personal information is on the dark web, it’s nearly impossible to get it removed.
However, using security software can reduce the chance of your data being compromised in the first place. Consider using a VPN for safer browsing of the web. If you need to keep your social security number accessible or store digital copies of other personal identification, then a password manager will help you keep these secure.
By monitoring the dark web and data breaches, you can understand which accounts and what personal information may be compromised—and change the relevant passwords. And by freezing your credit card and tracking your outgoings, you can mitigate financial risks. So, even if you do find your SSN is on the dark web, there are steps you can take to minimize the potential damage.
