SECURITY FEATURE
Dark web monitoring
Get alerted in real-time when your sensitive data is exposed on the dark web.
Free trial for all plans. No credit card required.
How dark web monitoring protects you
24/7 monitoring
Turn on dark web monitoring and our threat intelligence will work around the clock, checking your info against a database of compromised credentials.
Immediate alerts
You receive instant notifications if any of your personal data has been identified on dark web sites or has been compromised amidst dark web data leaks.
Proactive protection
Total protection through cybersecurity threat remediation. We’ll also notify you of potential threats, like weak passwords, so you can stay ahead of hackers.
If you store personally identifiable information (PII) online, there’s a chance it’s targeted by hackers and leaked to the dark web. Weak passwords and phishing campaigns sites leave your sensitive information vulnerable to cyber criminals.
But 82% of people wouldn’t know if their data is being circulated and sold there.
But you don’t have to stay in the dark. Not with LastPass dark web monitoring.
- You can turn on dark web monitoring from within your vault’s security dashboard. Business admins can turn it on for employees within account policies.
- Tell LastPass what email addresses to monitor and we’ll check our partner’s database of breached credentials to see if they’re on the dark web.
- We’ll send you near real-time notifications if we identify a data breach so you can take immediate action. Rest easy knowing we’ve got your back.
- Eliminate password reuse with the built-in password generator.
- Autofill passwords and form fields with one click, on any of your trusted devices.
- Secure your business with secure sharing, robust multifactor authentication, and automated user management.
Explore other LastPass features
Frequently asked questions
What is the dark web?
The dark web is the part of the internet that isn’t visible to search engines. It’s not accessible by web browsers like Chrome, Safari or Internet Explorer that everyday people use. It requires a special browser called Tor to access it, and it allows visitors to remain anonymous.
Any time you create an online account and secure it with a weak password, you leave yourself open to vulnerabilities. A trained hacker can access your sensitive information by launching a cyber-attack, phishing scam, or by simply brute forcing their way past your weak password.
Think about the websites or companies that store your personal information like:
- Banks
- Social media
- Shopping websites
- Medical accounts
- Blogs
- Forums, chat rooms, and webinars
- Peer to peer networks
- Email accounts
If these accounts are secured by just a weak or reused password, there’s a possibility they’ve been hacked without you knowing it. A hacker could have access to your valuable data and potentially steal your identity to sell it on the dark web.
What types of personal information is at risk on the dark web?
Any information you store online could potentially be stolen. LastPass dark web monitoring checks your email addresses against a database of breached credentials to see if they have been involved in any breaches. If the dark web scan shows that an account has been compromised, you are sent an alert that tells you what account needs attention. You should immediately change your password for the account to help prevent any data theft. The information that hackers find valuable are items like:
- Credit card numbers
- Phone numbers
- Addresses
- Social security numbers
- Bank account numbers
View “Mystery of dark web” infographic to see how much your data is worth on the dark web.
What is the difference between the deep web and the dark web?
The deep web is anything on the internet that isn't indexed by a search engine like Google. For example, content behind a paywall like membership sites or anything the content owner chooses to block from being indexed. This content can still be accessed by a standard browser.
The dark web is purposefully hidden and requires a Tor browser to access. Estimates say it is about 5% of the total internet.
Is the dark web illegal?
The dark web itself is not illegal, but illegal activity takes place on the dark web. Because visitors can remain anonymous, it is useful for cybercriminals who want to take part in illegal activities. For example, a cybercriminal may hack into a website and steal user data (like a credit card number or social security number) and sell it on the dark web.
Is the dark web dangerous?
Simply being on the dark web is not inherently dangerous; however, the average person doesn’t have a need to be on it. There are some use cases for the dark web that aren’t criminal. For example, in some countries with strict governments that prevent access to information online, citizens use the dark web to seek information and share their views freely.
The real risk is that your personal information may end up on the dark web. If you protect your data online, you will not need to worry about the dark web.
Do cybercriminals really want my data? And how much is it worth?
Cybercriminals hacking into company databases and stealing user data is very common. You have probably heard of these data breaches in the news. But did you know it doesn’t just happen to enterprise businesses?
Cybercrime happens to regular people everyday, no matter how valuable the information may be. You may think your sensitive information isn’t worth much, but it’s still valuable to some bad actor.
While each piece of data (like a credit card number) might only be worth a few dollars when they resell it, this adds up when they’ve stolen thousands or hundreds of thousands of pieces of sensitive information. To see the full breakdown of how much your data is worth check out “Mystery of dark web” infographic.
How cybercriminals target your sensitive information?
- Hackers have numerous ways to target people, like phishing emails, misspelled web addresses loaded with malware, as well as weak and reused passwords
- Personally identifiable information is valuable to hackers, which is why hackers target social media, banking logins, and any services recently hit by data leaks
- They often target valuable information, like credit card numbers, social security numbers, and company’s intellectual property
How can I prevent my data from getting on the dark web?
There are many steps you can take to protect yourself, and a few of these can easily and cheaply be put in place right away.
- Create unique and strong passwords for every online account: This is essential because it makes it harder for hackers to get into your accounts, but it also means if they crack one they don’t have access to any others. You can use a password generator to create these unique, strong passwords.
- Use a password manager: If you have unique passwords for every account, you won’t be able to memorize them all. You need a password manager to securely store and fill them for you.
- Turn on multi-factor authentication (MFA) for any sites that offer it. Multi-factor authentication requires you to provide an additional form of authentication on top of your password when logging into your account. Many accounts – like email and social media – offer MFA to help prevent cyber criminals from gaining access.
- Use a dark web monitoring service: Dark web monitoring checks your information against a database of breached credentials and will alert you if your information has been compromised. This way you can change the passwords for those breached accounts.
How does dark web monitoring work?
LastPass dark web monitoring proactively checks your email addresses against our partner Enzoic’s database of breached credentials. You will be alerted with an email and an in-product message if your email address has been compromised and which account is at risk.
Read more about dark web monitoring and our partnership with Enzoic in our Support Center.
Does LastPass scan the whole dark web?
You may hear the term “dark web scan” and wonder how it’s possible for a solution to scan the entire dark web – especially if it’s so hard to access and it’s anonymous. When you hear the term dark web scan, what’s really happening is your credentials (like email addresses) are being checked against a database of credentials from known breaches. At LastPass, this service is provided by our partner Enzoic and in keeping with our zero knowledge model.
How do I know if my email has been hacked?
If you use dark web monitoring with LastPass, you will receive an email and in-product alert as soon as your email address has been found as a part of a breach. Here are some typical signs that someone is abusing your email account:
- Strange emails in your sent folder.
- Unexpected password reset emails.
- Complaints from your contacts.
- Unusual IP addresses, devices, and/or browsers detected.
What do I do if I get a dark web alert?
You should immediately change the password for the compromised account. Read our blog post to see what you can expect.
More details can be found on how to manage dark web alerts in our Support Center.
Is dark web monitoring enough to keep me safe online?
Dark web monitoring is a great tool to have in your cybersecurity arsenal. However, there are additional steps you can take to protect your personal information from cybercriminals and identity thieves.
Re-using passwords is a very common habit that puts you at risk. If a hacker can figure out the one password, they can access all other accounts that use that password. If you use your password for social media and online banking, and you click a spammy link on a social media site, your banking information could be vulnerable if your password is hacked.
WiFi networks can easily be hacked, so leveraging a virtual private network (VPN) will ensure that your internet browsing data stays safe.
Find more tips to protect you from identity theft in our blog.
Can dark web monitoring help businesses?
Yes. The online security practices of end users affect the safety of the entire business. Weak and reused passwords can make it easier for hackers to get into a user’s work accounts just as easily as their personal accounts. LastPass dark web monitoring is available to all LastPass business users, so they can ensure they are keeping themselves safe online.
How do I manage the dark web monitoring policy for LastPass Business users?
LastPass admins of LastPass Business accounts can manage the “Control dark web monitoring” policy and its settings.