Jump to content

My email is exposed on Dark web


Recommended Posts

I wasn't sure where to turn to so I'm writing here.

I've been seeing a lot of talk about the Equifax hack (i.e. Shannon's Threatwire).

Got worried.  Started going thru all the credit bureau sites.  Found Dark web email scanner on Experian.  Sure enough, it says one of my emails had a hit.

Problem is that since so many web sites make you use your email for log in name, I'm not sure if my email password is on the Dark web or if my sign in credential to some web site is on the Dark web.

I don't know anything about Dark web.

Can someone point me in the right direction on how to figure this out?

I'm totally paranoid now.

Link to comment
Share on other sites

What did you use to find your email on the dark web? I'd be leary of tools like this, as you could just be getting phished to begin with. If any of them ever ask to check for your password as well, this is a red flag. Never give a search engine both the email and password to try and verify anything. You will more than likely find yourself hacked in the end when doing this. A legit site to look for things on, is have I been pwned. - https://haveibeenpwned.com/ If you want to search your email on there, safe to do so. I'd not do the password search, but if you only searched your password, you're only seeing if it's been seen, and unless it's 100% unique, chances are, other people have used the same password as you, which really makes consolidating your email and pass, not an easy thing, as where your email is unique, so easier just to see what kinds of breaches you're in.

I don't know if https://haveibeenpwned.com/ has the Equifax data yet, but worth looking up your email for just to see where/what hacks it could be in.

As for dark web sleuthing, protect yourself by not going there to begin with, till you fully understand what you're doing. Many onion sites are just booby-trap sites that are going to have triggers in place listening and scanning for visitors on entry to their Onion site. If your system is vulnerable to something they have waiting for on the other end, you could end up worse than just coming up on a hacked database.

At the end of the day, change ALL your passwords and make them all unique per site, and is possible a different email, per site.

Edited by digip
Link to comment
Share on other sites

I did the Dark web email search on Experian site (competitor credit bureau to Equifax).  I thought initially that it was a scare tactic marketing ploy to sign up for their ID theft monitoring service, but when I did the search with my other emails, there were no hits (did them as separate searches).  Their report didn't say which password combination was seen; just that my email was mentioned somewhere on the Dark web.

Great idea on https://haveibeenpwned.com.  I'll definitely check it out.

Thanks for your advice, digip.

Link to comment
Share on other sites

Wen to https://haveibeenpwned.com.  2 of the 8 email addresses I currently use have been compromised.  Both were from Dropbox hack.  That sounds like something that could have wound up on the Dark web.  It was from a 2012 hack.  I'm pretty sure I changed my passwords since then, but I'm going to change them again just to be safe.  The other compromise came from stupid restaurant guide I don't even remember using.  Web sites really should stop using emails as log-ins.  I'm pretty sure I used my bogus, "I'll likely use this web site once" type password there (I use a throw away password.  I change it to something decent after I decide to continue using the site).


Thanks for the advice on the Dark web.  I just thought they were just cumbersome to get to, but never thought of them as drive-by hack sites.  


I guess I just need to have my antenna up more from now on.  Thank you again for your advice, digip.

Link to comment
Share on other sites

Yeah,l if you don't personally have an account with Equifax, then you shouldn't have any info in their database for your email and passwords. If you used one of their other products, and a site is owned by them on their servers, then maybe it's a concern, but I'd be more concerned on personal details, like SS#'s and address, full name, mothers maiden name type of things, vs an email and password, which again, if you didn't use their services or site, then you shouldn't have anything to worry about.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...