Skip to main content

Protecting yourself against the dark web

minute read

    What to do if your information is exposed

    You’re at home one night watching TV, and all of a sudden you receive a dark web email alert from Chase Credit Journey®.

    Getting a dark web alert doesn’t mean you’re automatically a victim of identity theft. But having your personal information exposed on the dark web can make it easier for others to access and use your identity.

    So what exactly is the dark web? Let’s walk through what you need to know.

    What is the dark web?

    The dark web is a network of websites where people can share information anonymously. Sometimes the activity there is harmless, like when journalists, law enforcement officials and whistleblowers gather and share info without revealing their identity. But it can also be a popular place for identity thieves, who can use the dark web to trade and sell your personal information.

    Info on the dark web doesn’t show up in your run-of-the-mill search engines. Users need special software and authorization to access it.

    If you receive a dark web alert, it means your personal information was exposed, which can make it easier for others to open accounts in your name. The types of info criminals may be able to find there include:

    • Credit card numbers
    • Social Security numbers
    • Email addresses
    • Passwords

    Now that you know what the dark web is, let’s learn more about how your information can get there.

    How does information end up on the dark web?

    Information can show up on the dark web if thieves steal it and post it there. We don’t always know where they get the info because they can use a variety of sophisticated and low-tech methods to try to collect it, including:

    • Hacking corporate databases and stealing customer information, also known as data breaches
    • Using unencrypted websites or unsecured Wi-Fi networks to grab your information
    • Launching an email scam, also known as phishing, to trick you into handing over personal info
    • Using malware to target information stored on your computer
    • Stealing mail from your home mailbox or trash to find personal information on paperwork you received

    It’s easier for someone to steal your identity once your information is on the dark web. That's why we monitor your personal information and alert you if we spot new activity or changes. You can choose to receive our notifications by email, push or text alerts.

    What should I do if I get an alert?

    If you receive an alert, it means we've found your personal information on the dark web. You can't remove the info once it's there, but you can take action to protect it and help limit fraud.

    Here are some common types of data exposures and suggested next steps you can take to safeguard your information:

    Data that was found and suggested next steps

    • Email & password
      • Change your email password to make it more secure.
      • Create different passwords and change the security question on any accounts that use your email.
    • Driver’s license number
      • If the driver's license number doesn't match the one on your current license, you won't have to do anything. It's likely the one we found probably isn't valid.
      • If the driver's license number matches the one on your license, contact your state's Department of Motor Vehicles (DMV) about getting a new driver's license. They'll tell you what to do next.
    • Social Security number;
      • Contact the Social Security Administration at 1-800-772-1213 to let them know your SSN was compromised. They'll advise you on the steps you should take.
      • Review your credit report for any activity you don't recognize.
      • Consider placing a credit freeze on your credit report with the three major credit bureaus as an additional precaution.
    • Bank account & bank routing number
      • Use the account and routing numbers to identify the bank. 
      • Contact your bank about changing your account information.
      • Review your account transactions. If you see any charges you don't recognize, contact your bank to file a dispute.

    It’s also good practice to keep an eye on your credit report so that you can spot and report any errors or accounts someone is trying to open in your name.

    How can I prevent data exposure?

    When it comes to the dark web, your best defense is a good offense. Don’t wait until your info falls into the wrong hands. Instead, adopt strong security practices to protect your passwords:

    • Use a password manager to create unique, hard-to-guess passwords.
    • Have different passwords for each of your accounts.
    • Set up two-factor authentication so that identity thieves need more than just a password to access your accounts.

    You should also avoid accessing your accounts on public Wi-Fi networks and regularly review your credit report.

    No strategy is foolproof, but taking steps early can go a long way in keeping your information safe.

    Key takeaways

    • If you receive a dark web alert, it means we found some of your personal information on the dark web.
    • Identity thieves can use the dark web to trade and sell individuals' sensitive personal information.
    • Criminals can steal your Social Security number, passwords, bank account information and other data by hacking company databases via unsecured Wi-Fi networks and by launching phishing scams.
    • If you get a dark web alert, you might need to change your passwords, get new account numbers from your bank or credit card issuer or place a fraud alert on your credit report.
    • You can prevent your information from ending up on the dark web by using complicated passwords, avoiding public Wi-Fi networks, regularly reviewing your credit report and setting up two-factor authentication. 

    What to read next