July savings, year-round protection

Dark Web Frequently Asked Questions.

You may have heard of the dark web, but do you know what it is and how it affects you? Having a baseline understanding of the dark web can help you protect yourself from risks like identity theft. Read on for answers to the most common dark web questions.

What is the dark web?

The dark web is the part of the internet that isn’t visible to search engines. It’s not accessible by web browsers like Chrome, Safari or Internet Explorer that everyday people use. It requires a special browser called Tor to access it, and it allows visitors to remain anonymous.

Any time you create an online account and secure it with a weak password, you leave yourself open to vulnerabilities. A trained hacker can access your sensitive information by launching a cyber-attack, phishing scam, or by simply brute forcing their way past your weak password.

Think about the websites or companies that store your personal information like:

  • Banks
  • Social media
  • Shopping websites
  • Medical accounts
  • Blogs
  • Forums, chat rooms, and webinars
  • Peer to peer networks
  • Email accounts

If these accounts are secured by just a weak or reused password, there’s a possibility they’ve been hacked without you knowing it. A hacker could have access to your valuable data and potentially steal your identity to sell it on the dark web. 

What is the difference between the deep web and the dark web?

The deep web is anything on the internet that isn't indexed by a search engine like Google. For example, content behind a paywall like membership sites or anything the content owner chooses to block from being indexed. This content can still be accessed by a standard browser.

The dark web is purposefully hidden and requires a Tor browser to access. Estimates say it is about 5% of the total internet.

Is the dark web illegal?

The dark web itself is not illegal, but illegal activity takes place on the dark web. Because visitors can remain anonymous, it is useful for cybercriminals who want to take part in illegal activities. For example, a cybercriminal may hack into a website and steal user data (like a credit card number or social security number) and sell it on the dark web. 

Do cybercriminals really want my data? And how much is it worth?

Cybercriminals hacking into company databases and stealing user data is very common. You have probably heard of these data breaches in the news. But did you know it doesn’t just happen to enterprise businesses? 

Cybercrime happens to regular people everyday, no matter how valuable the information may be. You may think your sensitive information isn’t worth much, but it’s still valuable to some bad actor.  

While each piece of data (like a credit card number) might only be worth a few dollars when they resell it, this adds up when they’ve stolen thousands or hundreds of thousands of pieces of sensitive information. To see the full breakdown of how much your data is worth check out “Mystery of dark web” infographic.

Is the dark web dangerous?

Simply being on the dark web is not inherently dangerous; however, the average person doesn’t have a need to be on it. There are some use cases for the dark web that aren’t criminal. For example, in some countries with strict governments that prevent access to information online, citizens use the dark web to seek information and share their views freely.

The real risk is that your personal information may end up on the dark web. If you protect your data online, you will not need to worry about the dark web.

How can I prevent my data from getting on the dark web?

There are many steps you can take to protect yourself, and a few of these can easily and cheaply be put in place right away. Thankfully, there are a few that can be easily and cheaply put in place today.

  1. Create unique and strong passwords for every online account: This is essential because it makes it harder for hackers to get into your accounts, but it also means if they crack one they don’t have access to any others. You can use a password generator to create these unique, strong passwords.
  2. Use a password manager: If you have unique passwords for every account, you won’t be able to memorize them all. You need a password manager to securely store and fill them for you.
  3. Turn on multi-factor authentication (MFA) for any sites that offer it. Multi-factor authentication requires you to provide an additional form of authentication on top of your password when logging into your account. Many accounts – like email and social media – offer MFA to help prevent cyber criminals from gaining access.
  4. Use a dark web monitoring service: Dark web monitoring checks your information against a database of breached credentials and will alert you if your information has been compromised. This way you can change the passwords for those breached accounts.

How does dark web monitoring work?

LastPass dark web monitoring proactively checks your email addresses against our partner Enzoic’s database of breached credentials. You will be alerted with an email and an in-product message if your email address has been compromised and which account is at risk.

Read more about dark web monitoring and our partnership with Enzoic in our Support Center.

How do I know if my email has been hacked?

If you use dark web monitoring with LastPass, you will receive an email and in-product alert as soon as your email address has been found as a part of a breach. Here are some typical signs that someone is abusing your email account:

  • Strange emails in your sent folder.
  • Unexpected password reset emails.
  • Complaints from your contacts.
  • Unusual IP addresses, devices, and/or browsers detected.

Read more about how to tell if your email was been hacked

What do I do if I get a dark web alert?

You should immediately change the password for the compromised account. Read our blog post to see what you can expect.

More details can be found on how to manage dark web alerts in our Support Center.

Is dark web monitoring enough to keep me safe online?

Dark web monitoring is a great tool to have in your cybersecurity arsenal. However, there are additional steps you can take to protect your personal information from cybercriminals and identity thieves.

Re-using passwords is a very common habit that puts you at risk. If a hacker can figure out the one password, they can access all other accounts that use that password. If you use your password for social media and online banking, and you click a spammy link on a social media site, your banking information could be vulnerable if your password is hacked.

WiFi networks can easily be hacked, so leveraging a virtual private network (VPN) will ensure that your internet browsing data stays safe.

Find more tips to protect you from identity theft in our blog.

Does LastPass scan the whole dark web?

You may hear the term “dark web scan” and wonder how it’s possible for a solution to scan the entire dark web – especially if it’s so hard to access and it’s anonymous. When you hear the term dark web scan, what’s really happening is your credentials (like email addresses) are being checked against a database of credentials from known breaches. At LastPass, this service is provided by our partner Enzoic and in keeping with our zero knowledge model.

Can dark web monitoring help businesses?

Yes. The online security practices of end users affect the safety of the entire business. Weak and reused passwords can make it easier for hackers to get into a user’s work accounts just as easily as their personal accounts. LastPass dark web monitoring is available to all LastPass business users, so they can ensure they are keeping themselves safe online.

Learn more about LastPass for business.