What to Know & Do About the 'Dark Web'

The term ‘dark web’ can pop up in news stories, especially when there's a big data breach. As ominous, as it sounds, it’s helpful to have an understanding of it and what you can do about it.

What Is the Dark Web?
The best analogy I have heard is to think of the Internet as an iceberg. The part you use every day is just the tip. Beneath the surface lies the “deep web,” which includes information not publicly searchable, such as online banking portals, paywalled content, and internal company databases.

The dark web is a small, hidden corner of the deep web that requires special software to access, and that’s where things can get dubious.

The dark web contains underground marketplaces, hacker forums, and stolen data dumps. It’s a haven for cybercriminals who want to stay anonymous. This is where your stolen credit card numbers, hacked credentials, and even medical records might end up without your knowledge.

How Your Info Ends Up There
Your data doesn’t end up on the dark web by accident; it’s there because a company you’ve done business with was breached. Think big names like Target, Equifax, Facebook, or any number of hospitals, retailers, or travel sites. Hackers steal data from these sources and then either sell it or give it away on the dark web.

That stolen data might include your name, email address, passwords, Social Security number, driver’s license info, or payment details. You may not think your Netflix login is a big deal, but reused passwords across accounts can be a goldmine for hackers or a clue about how you construct all your passwords.

What Can You Do About It?

You do not need to learn how to access the dark web to protect yourself from it:

1. Use Unique Passwords for Every Account.
   This is the single most effective thing you can do. A breach on one site won’t compromise the rest if your passwords are unique. Use some form of password manager to keep track of them, even if you have to write them down on a piece of paper.  As insecure as a written page of passwords may be, it’s way safer than using the same password everywhere.
2. Enable Two-Factor Authentication (2FA).
   If a service offers it, turn it on. This adds an extra step to verify your identity and can block hackers even if they have your password.
3. Switch to Passkeys When Possible
   Many websites are offering to use a more secure method of authentication, known as Passkeys (https://bit.ly/3RLT2Py).
4. Monitor Your Personal Information.
   Credit Karma’s free service has an ‘identity Monitoring’ option that will warn you of data breaches and exposed passwords.  You can also use the free notify me option at ‘Have I Been Pwned’ (https://bit.ly/2FSxU90) to be notified of new breaches.
5. Freeze Your Credit.
   It’s free and easy to do through the major credit bureaus, and it prevents anyone from opening new accounts in your name. It is particularly important to keep your ‘unlock’ PIN safe in the event you ever want to reverse the freeze.

You cannot stop breaches from happening, but good digital hygiene helps limit the damage and stay ahead of cybercriminals.