We’d all love to leave less personal data in the wrong hands, be it hackers who get it from data breaches or marketers who buy it from data brokers. But that’s not always possible. Sure, there are some methods to take care of the brokers, but can anyone do anything once the hackers put your information on the dark web?
In short: can I remove my sensitive information from the dark web?
No. It’s unorganized, wild, and lawless. There is no central authority to appeal to, and there are no ways for governing bodies to really influence it on a case-by-case basis. The best you can do is mitigate damage by taking steps to improve your online defenses.
How do you remove your information from the dark web?
You don’t. To explain why, I will first explain what the dark web is. Roughly speaking, it’s a term that ties into how areas of internet are classed by accessibility:
- Surface web: the publicly accessible part of the internet that is indexed by search engines (read: you can find it on Google, DuckDuckGo, even Bing). This blog post exists on the surface web. Only 10% of the internet is on the surface web.
- Deep web: anything you can’t just access with a link – you need, at the very least, a password. It includes stuff like the inside of your email inbox, your dating profile interface, and so on. If you have a Surfshark account, everything you see when you log into my.surfshark.com is on the deep web.
- Dark web: the parts of the online world that have been intentionally hidden from easy access, and you need at least a special browser to access it. If you don’t know what the dark web is, you’ve never been on it before. The Tor Network is the most famous example of the dark web.
The fact that it is so secretive means that the dark web is often used for illegal dealings: drugs, weapons, sensitive information – the works. As is with offline illegal dealings, there is no central online crime control agency to file a complaint with*. A dark web website doesn’t have a legal host you can email, you don’t know where the server is located, and the people running it are likely 100% aware of the criminal proceedings.
As such, none of the usual methods of getting your sensitive data removed work. Once your data is out and about on the dark web, it’s out there for good. The only thing you can do now is damage control and risk mitigation.
*Incidentally, there’s no central regular internet control agency you can ask to delete your data online. And while you yourself can try to ask data brokers to remove you from their databases, it would take an infeasible amount of effort.
What happens if my email is on the dark web?
Chances are, it’s not only your email that’s on the dark web but a lot of other information as well.
The research on data breaches shows that, on average, an internet user has had their email address leaked more than twice – and also lost their password twice. They usually come bundled together, as they were probably leaked as your login credentials on a breached website.
So at that point, a hacker can know your email address, your password, and the website those are used for logging into. With these, they can access your account on that website. Once there, they can:
- Make purchases
- Steal your personal information
- Impersonate you over personal messages
- Transfer account assets somewhere (bye-bye, Steam points)
- Basically, do anything you would do on the website.
But wait, there’s more! Data breaches – which happen all the time – don’t exist in a vacuum. Oftentimes, hackers will bundle up data from several breaches to sell. This means that you’ll often have more than your email and password leaked.
To go with those, hackers can get:
- Your first name
- Your last name
- Actually, your full name altogether
- Date of Birth
Using this data, the same hackers can execute all kinds of elaborate crimes and scams. It can tell them who to target and what crimes to target you with. From phishing to extortion, online criminals are limited only by their imagination.
Is my email address on the dark web?
Your email address is probably on the dark web. Statistically speaking, research shows that every internet user’s email has been leaked more than twice. This means you too.
But how can you know? Well, while there’s no way of checking what’s exactly on the dark web at any one time, leaked data bundles are found on the dark web by security researchers all the time. By looking into these data caches, we can determine what data has been stolen and when.
That’s where monitoring services like Surfshark Alert come into play. Here’s how they work:
- You sign up for the service
- You enter an email address you want to check for leaks
- The service checks bundles of breached data in its database
- You’re shown what data is leaked and where.
- [optional] The service notifies you if your data appears in further data breaches.
Of course, not all data breaches are discovered immediately, and stolen data first needs to go on the market and then be located by the researchers. But once you know what data has been stolen, you can take steps to mitigate the damage.
Can the dark web be removed?
No, it cannot. It’s too big and too decentralized for that to happen. But there are other things you can do to help your case.
What to do if your email is on the dark web
The steps to take if your sensitive data was leaked on the dark web are essentially the same as when dealing with any data breach:
- Change your passwords: do it for any online account that was hit during the data breach and anywhere else where you used the same password (you really shouldn’t do that because of situations like these).
- Use a password manager: complex passwords are great but hard to remember. A password manager will make it a lot easier to have secure passwords for every different site. You’ll only need to remember one good password: the one for the manager.
- Enable two-factor authentication: under normal circumstances, having your email (or username) would be all that is needed to log into your account and run wild. Two-factor authentication (2FA) takes some of the eggs from the proverbial basket by requiring you to authenticate the login in some other way. It can be a code generator or a simple email confirmation. With 2FA, you can put another barrier for hackers using your stolen credentials.
- Run an antivirus scan of your software: a simple data breach may not have been enough to get malware on your devices. But can you be sure? Maybe your leaked data led to a successful phishing attempt which made you click on a link and download malware. Run a check to be on the safe side.
- Check your bank account: financial motivation is overwhelmingly the most common reason why hackers go after you. That’s why it’s essential to check your balances for any transactions you don’t recognize. If there are any, and you’re fast enough, you may even contest the charges with your bank.
- Subscribe to a service that warns about breaches: to minimize damage from any potential future breaches, you need to act fast. Services like Surfshark Alert will not only scan the breach data in their databases but also monitor any newly-discovered leaked data bundles for your information.
- Consider creating a throwaway email account: you don’t need to use your main email address for everything on the web. By creating a disposable garbage email account not tied to everything you do online, you’ll lessen the risk of important data breaches massively impacting your well-being.
Take steps to protect yourself from the dark web
Once your data is out on the internet, there are only a few ways you can remove it. Once it’s on the dark web, it’s next to physically impossible to erase it. But with good security practices, you can avoid losing important data in the first place – and mitigate the damage if that happens. So start shoring up your defenses with Surfshark Alert.