Other products

Learn more about Password Combo List notification from LifeLock

A combo list is a text file containing a list of usernames/email addresses and passwords. They are assembled by cybercriminals over multiple data breaches or other security incidents, then are sold or leaked on the dark web, which means identity thieves or cybercriminals could use them to commit identity theft or other crimes.

When we detect your exposed username/email and password pair on the dark web as part of a combo list, we send you a notification. While we cannot remove this information from the dark web, you can take certain actions to protect it. We advise you to change the exposed username/email address and password on all sites where you might have used them. We also recommend you choose a new, unique, and strong password for each individual site. Don't use the same password every time.

The exposed password included in the Dark Web Notification has been partially masked or hidden for security purposes. Follow the steps below to see the partially exposed password.

See the exposed password

  1. Click the link in the alert notification.

  2. You receive a verification code to the exposed email displayed in the notification.

    • If you do not receive your verification code, check your spam or junk folders for an email from no-reply@myidentity.norton.com

    • As there may be a delay, check your folders again in 5 minutes, or check back again later. If you still do not receive your code, please contact your Internet Service Provider to resolve this issue

    • Do not send multiple requests as it will make the condition worse

  3. Enter the code that you received to see the last three characters of the password.

    • Due to security purposes, we do not display your entire password. Once we verify that the email address listed belongs to you, your password will be partially unmasked and displayed

    • Note that the password may not be your most recent, but one you have used in the past.

    • Members password is partially unmasked as per the rules below:



    8 or more


    If password has more than 8 characters, we can have more asterisks.















  4. To protect your information, update the sites in which you used this password with a new, unique, and strong password.

    • Change the exposed password on all sites where you might have used it

    • Choose a unique strong password on all sites where you might have used it. Its recommended to not employ the same password each time

    • Review your credit reports and watch for new credit inquiry alerts or suspicious activity. Consider freezing your credit file

    • Set up two-factor authentication whenever available for website.

Need more help?

I found this information helpful.

Yes No

Help us improve this solution.

Thank you for helping to improve this experience.

What would you like to do now?

Browse for solutions, search the Norton Community, or Contact Us.

DOCID: v136558013
Operating System: Android;Mac;Windows;iOS
Last modified: 05/16/2022