5 Things to Do If Your Email Is Found on the Dark Web
Take a guess:
What’s the value of 10 million US email addresses on the dark web?
$120,000? Guess again.
$1,200? Not even close.
$120—one hundred twenty dollars.
10 million individual emails sell for just over a hundred bucks on the dark web.
If your email address finds its way to the dark web, it’s not the end of the world.
Chances are, it’s just one record among millions of others.
But you should still take some preventive actions.
Here are five things you can do when your email gets leaked to the dark web.
Let’s dive in.
What to do if your email is on the dark web
If you get notified that your email was found on the dark web, here’s what you should do:
- Change the password for the breached email.
- Change passwords for your online accounts, especially for financial accounts.
- Set up multi-factor authentication for all your accounts.
- Check if someone isn’t using your identity.
- Remove your other data from the internet as much as possible.
Want to learn more? Read on for a detailed overview.
1. Change the password for the breached email
It’s better not to take any chances. Knowing your email may be a starting point for criminals to crack your password and gain access to your inbox.
- Change your password immediately after noticing the breach.
- If it’s your primary email account, make the password at least 12 characters long.
- Include numbers and special characters.
- Make the password unique—don’t reuse one from another account.
In most cases, a breached email might prove harmless—but that one time is enough to get burned.
2. Change passwords for your online accounts, especially financial accounts
Changing passwords to your online accounts periodically is a good practice, even if you haven’t found your email on the dark web.
With the number of accounts the average internet user has these days, updating them may be a headache—we get it.
But make sure you change passwords for the crucial ones:
- Bank accounts
- Credit accounts
- Insurance accounts
- Cloud storage accounts
- Emails
- Social media accounts.
The Bureau of Justice Statistics reports that identity thefts involving social media accounts come at the highest cost to the victims—it’s better not to underestimate their importance.
For convenience, you can use a dedicated password manager like NordPass.
3. Set up multi-factor authentication for all your accounts
Multi-factor authentication is a relatively easy way to improve the security of your accounts.
It usually takes the form of two-factor authentication via mobile confirmations, which makes it fast and convenient.
But here’s the good part—
Setting up MFA reduces the risk of someone hijacking your account by a landslide.
Microsoft reports that 99.9% of hacked accounts didn’t have MFA activated.
When your login details get compromised in a data breach, multi-factor authentication serves as your final line of defense—often making the difference between having your accounts emptied or not.
Set up MFA not only for your financial but also for your other online accounts—preferably all of them.
4. Check if someone isn’t using your identity already
A breached email usually leads to spam messages and phishing attacks.
But, every now and then, it may lead to identity theft.
It’s better to be on the safe side. Examine your:
- Bank statements for any anomalies
- Credit report for unsolicited activity
- Mail for suspicious letters, even if not addressed to you
- Email for any unintended updates to your accounts, especially if there are new online accounts.
You can see how to check if someone is using your identity in this post.
5. Remove your other data from the internet
Stop handing out your data to fraudsters.
Or, rather—stop others from doing it for you.
A data breach usually concerns only a specific account and doesn’t always leak all your data points.
It’s bad, but not enough to reveal who you are.
But what if we told you there’s an entire profile of you being traded on the “regular” internet right now?
There are companies that specialize in scraping the internet for your personal data to trade it later. They’re called data brokers.
Data brokers basically sell your identity—not just your email address but also your name, surname, age, home address, sexual orientation, the value of your house, the names of your partners and children, and other sensitive data.
All of this is done in broad daylight.
Scammers may obtain your email address from the dark web and follow the trail to your full identity.
This poses a serious identity theft risk.
Stop them.
Should you be worried when your email was found on the dark web?
If you’ve been using your email account for more than five years, it’s likely already been listed on the dark web more than once.
Data breaches are a daily occurrence.
Hackers then sell your data to whoever is willing to pay—and the prices aren’t that high, as we’ve already seen.
The good news?
For the most part, you don’t need to stress about it too much.
If it’s just your email address and nothing more, you’ll probably see an influx of spam mail and phishing attempts.
Chances are, you might not even notice them—Gmail, for instance, is quite efficient at filtering those out.
Just take a peek at the “spam” folder in your inbox—all the messages you see there are probably a result of your data being traded on the dark web in the past.
Can you remove your email from the dark web?
Nope—
There’s no way to delete your email—or any other data, for that matter—from the dark web.
The dark web is different from the internet you use every day.
There are no rules, laws, agencies, institutions, platforms—nothing to impose any order.
You can’t report your data being used, contact a website, or opt out.
It’s a place where anything goes, and what’s more, everyone is anonymous.
That’s why it’s so popular among criminals, by the way.
All things considered, once your email ends up on the dark web, there’s really nothing you can do about it.
How to check if your email (or other data) is on the dark web
Estimates suggest that information from over 13 billion accounts has been leaked already.
Likely, yours is somewhere among that list.
There are free dark web scanners available, but we’d recommend you stay away from most of them.
It’s an easy tool for scammers to get your emails or phone numbers—you’re basically handing it to them on a silver platter.
But there is a data breach scanner you can trust: Have I Been Pwned?
You can run a search for your emails and see if any breach reports pop up. If there are none, it doesn’t mean your information hasn’t leaked—a lot of data incidents go unnoticed.
Besides, given the nature of the dark web, it’s essentially impossible to run a full dark web scan—there will always be a significant margin of error.
FAQ
What does it mean if your email is found on the dark web?
If you find your email on the dark web, it means that there’s been a data breach at one of the websites where you have an account. It doesn’t have to be bad—if it’s only your email address that got leaked (without passwords or other sensitive data), you’ll most likely only receive extra spam emails.
Can I remove my email from the dark web?
You can’t remove your email from the dark web. Once it lands there, there’s nothing you can do about it. The dark web operates differently from the regular internet—there are no entities to regulate it or enforce any claims.
Should I be worried if my information is on the dark web?
Most personal data on the dark web comes from mass data breaches. Likely, your information is just one record among millions of others. But don’t stay idle. Make sure to change passwords for your important accounts, set up MFA, and keep an eye out for any unusual activity.
Related:
– What to do if your SSN is found on the dark web
– What to do if your number is found on the dark web
