PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Your Info Is All Over the Dark Web. Here's How You Can Protect Yourself

Your data has likely been exposed in a breach. I spoke to security experts for their best tips on minimizing the chances of having it used against you.

Kim Key
 & Kim Key Senior Writer, Security

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: René Ramos; Yarkee / Adobe Stock; sankai, alleachday / iStock, Yuichiro Chino / Moment via G)

If you've received a data breach notice from a company, you're definitely not alone. According to a survey from US News, nearly half (44%) of respondents reported being notified multiple times about different breaches involving their personal data. So if you've felt like there seems to be another data breach at a familiar company every other day, you're right.

Unfortunately, the information stolen in a data breach often ends up on the dark web, where it becomes a target for hackers, scammers, and other digital criminals. Data breaches aren't the only way your information can fall into a criminal's hands. If you've ever clicked on a phishing link, entered personal information on a social media survey, or if your device has been infected with malware, you may have given up personal data that will be posted or sold on dark web forums.

I recently discussed this with Dr. Darren Williams, the founder and CEO of BlackFog, a company specializing in data privacy and ransomware protection. He said that even though some of your data is lost to the dark web, that doesn't mean you should give up on everything. You can protect your other personal information by making a few changes to your online interactions and by installing a few security tools on your devices.

Below are tips for minimizing your online footprint, courtesy of Dr. Williams, along with my suggestions for tools that can help prevent fallout from future data breaches.

1. Understand How Your Data Is Used

Dr. Williams told me that first, it's important to understand how criminals use the information they find or buy on the dark web. Williams has spent a lot of time researching how criminals use stolen personal information to pull off account takeovers, identity theft, and scams. He told me that these days, AI tools take much of the work out of cybercrime. 

“Two years ago, these criminals were doing the ‘pray and spray’ approach. They would get anyone they can,” he said. “Now, you can buy whole groups of this information and use it for social engineering.”

Here’s how it works: An AI chatbot scans breach documents from the dark web and puts together information packages called “fullz.” These contain data like your banking credentials, medical records, name, physical address, phone number, and social security number. Criminals use the dossiers to pretend to be a family member, friend, or romantic partner in a romance scam or financial baiting situation.

Williams said that personally targeted scams are rare partly because cybercriminals are lazy. Instead, they usually use dark web data to target groups of people and lure in many victims as quickly as possible.

Recommended by Our Editors

Texas AG Sues What­sApp for 'Lying About Pri­va­cy'
Texas AG Sues What­sApp for 'Lying About Pri­va­cy'
Age Verification Laws Are Coming for Your OS. Here's What You Need to Know
Age Verification Laws Are Coming for Your OS. Here's What You Need to Know
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans

2. See Your Digital Footprint With a Dark Web Scanner

Now that you know how criminals plan to use your data, you need to find out what information they already have. To do this, you can use a dark web scanning tool from a personal data removal service. Many password managers also include dark web monitoring as part of a paid subscription. This usually involves checking the dark web for mentions of your email addresses, usernames, or passwords.

Unfortunately, removing data once it’s on a dark website is hard. Even if sites get shut down, there’s a good chance the info was saved and will pop up on another dark web forum later.

3. Use a Data Removal Service

The next thing to do is to make yourself an unattractive target for cybercriminals. "It's like that classic line, right? I only have to outrun you, not the bear." Williams said. Make yourself harder to catch by removing as much of your personal data from the internet as possible.

Williams said the best way to evade cybercriminals is to share as little information online as possible. That goes for more than hot takes on social media or embarrassing college party pics. It applies to all of your data. Once the info leaves your device, it will likely languish in a database before being sold to a data broker as part of a package. Anyone can buy your personal information from data brokers.

Even experts have trouble removing themselves from data broker sites, so it’s a good idea to give that job to a personal data removal service. While it’s possible to do DIY data cleanup for free, it’s a very time-consuming process because there are hundreds of data broker websites.

4. Protect Your Data With Strong Security Software and Practices

While some bad guys will use dark web data to access your online accounts, the worst ones want to access your computer or device because that’s where you keep all your good stuff, like private photos, videos, or financial data. That's why I recommend checking for and installing security patches for your computers, mobile devices, and any other devices that connect to your home network, such as a smart refrigerator or AI assistant.

Dr. Williams said that while consulting for businesses, he noticed that many people become a weak link in an otherwise secure network for the sake of small conveniences. He explained that he's encountered people who have disabled their local firewall or antivirus for one reason or another, and then been confused when they learn they inadvertently exposed themselves to cyberattacks.

So, along with keeping the firewall on, here’s a quick list of other cyber hygiene tasks to complete:

  • Secure your online accounts with multi-factor authentication (MFA). This method uses a password (something you know) and a code or message on your phone (something you physically possess) to make it harder for hackers to access your accounts.
  • Create and store strong, unique passwords for your online accounts using a password manager.
  • Install antivirus software on your computer and other devices, and keep it patched and running in the background. 
  • Install a VPN on your computer and other devices, and turn it on when using public Wi-Fi. 
  • Don't open links in emails or text messages from people you don’t know.
  • Always install security patches and updates on your devices. This includes smart home devices and alarm systems.
  • Keep your operating systems up to date on all your devices, too. The older an operating system is, the more exploits it has and the less support the developer offers.
  • Invest in identity theft protection software like Editors’ Choice winner Norton 360 With LifeLock, which bundles VPN access with device-level security. Some security suites, like McAfee+, also include identity monitoring. 
  • Monitor your credit regularly. Each of the three major credit bureaus, Experian, Equifax, and Transunion, allows you to download free credit reports and will notify you of any changes to your credit report or credit score. Additionally, many of our favorite identity theft protection suites and personal finance apps include credit monitoring with similar real-time alerts, so you can stay informed about any changes and take action in a timely manner.

About Our Expert

Kim Key

Kim Key

Senior Writer, Security

My Experience

I review privacy tools like hardware security keys, password managers, private messaging apps, and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.

In addition to the categories below, I exclusively cover ad blockers, authenticator apps, hardware security keys, and private messaging apps.

The Technology I Use

I like testing new software for work, but I'm less "plugged in" to the internet than I used to be. I tend to read app privacy policies to see what kind of data companies collect, and as a result of those findings, I don't use many mobile apps. In a similar vein, I was an early adopter of many social media platforms, but now I’m just an infrequent Reddit lurker.

I'm a gear junkie. I split my work time between a 2021 Apple MacBook Pro and a Lenovo ThinkPad. I shoot most of my videos for PCMag using a Canon M50, a Sony A7iii, and a Sony a6000. I edit videos using Final Cut Pro and Adobe Premiere Pro.

I write all of my words for PCMag either in the MS Notepad app on my ThinkPad or the Notes app on my iPhone 12 mini. If I'm traveling and working, I use my iPad to write short articles or take notes.

My dad built me my first computer sometime in the late '90s, and I used it for reading Encyclopedia Britannica and writing Sailor Moon fan fiction. My first phone was the ubiquitous Nokia candy bar.

Read the latest from Kim Key

Read full bio