Back to blog
Security
5 min

How to Check if Your Data Is on the Dark Web (Free Tools + Step-by-Step Guide)

Find out if your email, passwords, or phone number have been leaked to the dark web. Step-by-step guide using Have I Been Pwned, Google Dark Web Report, Firefox Monitor, and Apple password monitoring.

LOCK.PUB
2026-03-06
How to Check if Your Data Is on the Dark Web (Free Tools + Step-by-Step Guide)

How to Check if Your Data Is on the Dark Web

Most people assume their personal data is safe until they get a breach notification. But by then, your email, passwords, and phone number may have been circulating on the dark web for weeks or months.

The good news: you do not have to wait. Several free tools let you proactively check whether your information has been compromised. This guide walks you through each one, step by step.

What Is the Dark Web and Why Your Data Might Be There

The dark web is a part of the internet that is not indexed by search engines. You need special software like Tor to access it. While it has legitimate uses, it is also where stolen databases are bought and sold.

When a company gets hacked, the stolen data often ends up on dark web marketplaces. This includes:

  • Email addresses and passwords from breached services
  • Phone numbers tied to social media or banking accounts
  • Credit card numbers and financial information
  • Government IDs and Social Security numbers

Even if you have never visited the dark web, your data could be there because a company you signed up for got breached.

Free Tools to Check Your Data

Here are the most reliable tools, all free to use:

Tool What It Checks Cost
Have I Been Pwned Email, phone, passwords Free
Google Dark Web Report Email, name, phone, address, SSN Free (Google account required)
Firefox Monitor Email addresses Free
Apple Password Monitoring Saved passwords in iCloud Keychain Free (Apple devices)

Step by Step: How to Use Each Tool

1. Have I Been Pwned (haveibeenpwned.com)

This is the gold standard. Created by security researcher Troy Hunt, it tracks over 800 breaches and 14 billion compromised accounts.

To check your email:

  1. Go to haveibeenpwned.com
  2. Enter your email address in the search box
  3. Click "pwned?"
  4. Review the list of breaches that include your email

To check your password:

  1. Go to haveibeenpwned.com/Passwords
  2. Enter a password you use (the site uses a secure k-anonymity model, so your full password is never sent to the server)
  3. If it says "This password has been seen X times before," stop using it immediately

To get future alerts:

  1. Click "Notify me" at the top of the page
  2. Enter your email address
  3. You will receive an email the moment your address appears in a new breach

2. Google Dark Web Report

Google now offers dark web monitoring for all Google account holders.

How to access it:

  1. Go to myaccount.google.com
  2. Navigate to "Security" in the left menu
  3. Scroll to "Dark web report" and click "Get started"
  4. Choose what information to monitor (email, phone, name, address)
  5. Review the results

Google scans dark web forums and marketplaces and alerts you if your monitored information appears. It checks more data types than most free tools.

3. Firefox Monitor (monitor.mozilla.org)

Mozilla's tool pulls data from Have I Been Pwned but presents it with actionable recommendations.

How to use it:

  1. Go to monitor.mozilla.org
  2. Enter your email address
  3. Click "Check for Breaches"
  4. Review the breaches and follow the suggested actions

Bonus: Sign up for an account to monitor multiple email addresses and get automatic alerts.

4. Apple Password Monitoring

If you use an iPhone, iPad, or Mac, Apple checks your saved passwords against known breach databases automatically.

On iPhone or iPad:

  1. Open Settings
  2. Tap "Passwords"
  3. Tap "Security Recommendations"
  4. Review any passwords flagged as "compromised" or "reused"

On Mac:

  1. Open System Settings
  2. Click "Passwords"
  3. Look for the "Security Recommendations" section

Apple checks your stored passwords against a continuously updated list of leaked credentials, using cryptographic techniques that keep your actual passwords private.

What to Do if Your Data Is Found

If any of these tools flag your information, take these steps immediately:

If your email was in a breach:

  1. Change the password on the breached service
  2. Change the password on any other service where you used the same one
  3. Enable two-factor authentication (2FA)
  4. Watch for phishing emails that use your leaked information

If your password was exposed:

  1. Stop using that password everywhere
  2. Use a password manager to generate unique passwords for every account
  3. Prioritize changing passwords for email, banking, and social media accounts

If your phone number was leaked:

  1. Be extra cautious about unexpected calls and texts
  2. Do not click links in SMS messages from unknown senders
  3. Contact your carrier about SIM swap protection
  4. Consider using a separate number for sensitive accounts

If financial information was exposed:

  1. Contact your bank or card issuer immediately
  2. Set up transaction alerts for all accounts
  3. Consider a credit freeze (in the US: Equifax, Experian, TransUnion)
  4. Monitor your credit report regularly

Prevention: Stop Leaking Data in the First Place

Checking for breaches is reactive. Here is how to be proactive:

Use strong, unique passwords. A password manager handles this for you. One breach should never compromise your other accounts.

Enable 2FA everywhere. Even if your password leaks, 2FA keeps your account safe.

Minimize your digital footprint. The fewer places that have your data, the less there is to leak. Unsubscribe from services you no longer use and delete old accounts.

Share sensitive information through encrypted channels. When you need to send someone a password, account number, or personal document, do not drop it into iMessage or email where it lives forever. Use a service like LOCK.PUB to create an encrypted, password-protected memo that expires automatically. That way, even if the recipient's account gets breached later, your sensitive data is already gone.

Make This a Regular Habit

Do not check once and forget about it. Set a quarterly reminder to:

  • Run your email through Have I Been Pwned
  • Review Google's Dark Web Report
  • Check Apple's Security Recommendations for flagged passwords
  • Update any passwords that appear in new breaches
  • Review what services have your personal information

Data breaches happen constantly. The difference between being a victim and staying ahead of the threat is simply knowing where to look. Start with the tools above, take action on anything that comes up, and use LOCK.PUB whenever you need to share sensitive information securely.

Create a Secure Memo →

Keywords

dark web data check
have I been pwned
check data breach
is my email on dark web
dark web monitoring
check if password leaked
data breach check free

You might also like

How to Create a Digital Emergency Contact Card (ICE Card) That Could Save Your Life

If you're unconscious after an accident, first responders need your emergency contacts, blood type, and medication list — fast. Here's how to create a digital ICE card they can actually find.

Digital Safety

Digital Emergency Binder — How to Build an Online Document Folder Your Family Can Access When It Matters

Insurance policies, bank accounts, utility logins — learn how to organize your critical documents into a digital emergency binder your family can actually find and use in a crisis.

Digital Safety

How to Share Legal Documents Securely with Your Lawyer

Learn safe methods for sharing contracts, court filings, NDAs, and sensitive legal documents with attorneys and other parties without compromising confidentiality.

Secure Sharing

Create your password-protected link now

Create password-protected links, secret memos, and encrypted chats for free.

Get Started Free
How to Check if Your Data Is on the Dark Web (Free Tools + Step-by-Step Guide) | LOCK.PUB Blog