FAQ: Dark Web Monitoring from LifeLock

Dark Web Monitoring is a service that scans for your personal information on hard-to-find dark websites and forums. When we detect your information on the dark web, we notify you.

It is important because identity thieves can sell your personal information on hard-to-find dark websites and forums.

Why am I receiving a notification that my information is found on the dark web?

You have received this notification as the information belonging to you is available on the dark web and may be bought or used by hackers to commit identity crimes. Here are some reasons why your information may have been found on the dark web.
  • Website breaches

    This could be because a website in which you entered your information to sign up or for using any of the services associated with the website may have suffered a breach incident. It may be difficult for you to remember, or you simply may not know other services that are associated with the website.

    Even though you may have stopped using the website, or deactivated the account, or unsubscribed, the information could still be available in their systems.

  • Leaked usernames and passwords (known as Combo List)

    In some cases, usernames/email address and password pairs are uploaded as a text file (known as Combo List) on to the dark web. This file is machine readable and can be used as an input to tools that will automate authentication requests to a website or an application programming interface (API).

    You will receive a notification if your information is found in the Combo List. Due to security purposes, you will only see the password partially. Note that the password may not be your most recent, but one you have used in the past. You need to verify that the email address associated with this password belongs to you before we partially unmask and display the password.

    For more details, read Learn more about Password Combo List notification.

  • Exposure of your personal information from an unconfirmed source

    Your personal information gets exposed by an unconfirmed source on the dark web. Unfortunately, we don't have the complete details on the breach hence could not provide you with the name or source of the exposure. However, we will specify the category of the exposed information so that you change and strengthen your online logins and passwords.

    Note that our Member Services & Support agents do not have any additional information about this exposure, nor do they know if your exposed personal information is being used in any suspicious manner.

    We're constantly scanning for your personal information on the dark web and will continue to notify you if we find anything. In the meantime, we advise you to be prudent with your personal information going forward.

What should I do if I get a dark web notification?

You can sign in to your account or your mobile app to view the notification that you have received. If you have problems signing in, read Recover your Norton account.
Depending on your region, use the below links for a full list of best practices and next steps:

What is a data breach and how do I handle one?

A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations, and takes time to repair.
In most cases, cybercriminals don't just hold on to the information they access, but they may find ways to exploit it for personal gain. So, it is important to take steps and protect your personal information.
If you received a breach notification, read Learn what to do if you were informed of a breach for the next steps.

What role does Dark Web Monitoring play in helping me protect my information?

As part of our service, we scan the surface, deep, and dark web for exposure of information. When you subscribe, it defaults to monitor your email address, and we run a one-time historical dark web scan looking back to 2008 to determine if the information you provided us has been previously exposed. If we find exposed information, we notify you.
We run continuous scans and are on the lookout for exposed information. If your information has been exposed, you can be proactive and take several actions to help protect yourself.

Why can't I respond to the Dark Web Monitoring notification to confirm my identity?

For some alerts, we ask you for a confirmation of the activity or transaction so we can determine if there might have been the possibility of an identity theft incident.
For other notifications, such as Dark Web Monitoring, we are notifying you that information which may belong to you has been detected. These notifications do not require a confirmation from you because it is a result of a scan we perform on your behalf, and not a result of your activity.

Other common questions on Dark Web Monitoring

  • Can you erase my information from the dark web?

    We do not, nor we able to, erase information from the dark web because of the highly anonymous nature of forums, communities, and black markets in which criminals operate.

  • I don't recognize the website mentioned in my Dark Web Monitoring notification. How do I know I have used this before?

    There could be several reasons why you may not recognize the website mentioned in a notification. For example, the account may have been created via Facebook or Google log in. Some accounts may be old, and you may not remember having used the website or service. In some instances, you may have provided login details (username/password) for one-time use, after which you may have never gone back to the website or account again. Sometimes breached sites or services may deactivate exposed accounts which can make it difficult to remember or identify an account as belonging to you.

  • How often are the scans of the dark web performed? How current is the data that is found?

    With our ongoing algorithms, we notify you when we find information that may belong to you on the dark web.

  • What is the difference between the Exposed Information and the Additional Exposed Information sections within the Dark Web Monitoring Notification?

    Your Dark Web Monitoring Notification displays two types of exposed information. When you enroll you provide us information and we monitor it actively. If we detect this information on the Dark Web, it will be displayed in the Exposed Information section of the Dark Web Monitoring Notification.

    If we detect other exposed information that may be related to you, we will notify you on this as well. Even if you did not provide the specific information to us, it is possible to use the information you have provided to help detect other information that may have been exposed; but since we have not collected this information from you, we can only notify you that it has been exposed, and not provide any other details. For example, in the case of a healthcare database breach, if you have provided your Insurance Account and Insurance Provider information for monitoring, we may also be able to notify you of additional data that may have been exposed, such as blood type, prescription medications, diagnoses, and related details. This type of information would be displayed in the Additional Exposed Information section of the Dark Web Monitoring Notification.

  • Does your company pay for personal information or buy personal information on the dark web?

    We do not pay for or buy any personal information on the dark web, private forums or any other means.

  • How can I be sure that your employees do not use or sell my personal information?

    Any data that you provide is encrypted, and only a few selected employees, who undergo training on how to handle personal information can access the sensitive personal information. These employees must provide their own unique credentials every time they access personal information and are subject to monitoring by our Information Security team.

  • How do I know my personal information that I entered is secure?

    Personal information is stored and managed by an advanced database that is encrypted.

  • Does your company monitor 100% of the dark web and private forums?

    Since the dark web is constantly changing, no one can guarantee that they monitor 100% of the dark web and private forums. Dark Web Monitoring goes beyond easily accessible sites and marketplaces, infiltrating private forums, social web, deep web and dark web.

Video: Dark Web Monitoring

§For Norton offerings provided to you by a Service Provider or through channels outside the United States, the LifeLock identity theft protection services and coverage, plan feature names and functionality might differ from the services offered directly by Norton. Please contact your Service Provider for details on their Norton plan offerings.

The solution made it easy for me to handle my issue.

Yes No

Help us improve this solution.

Thank you for helping to improve this experience.

What would you like to do now?

Browse for solutions, search the Norton Community, or Contact Us.

DOCID: v127344370
Operating System: Windows, Mac OS X, Android, iOS
Last modified: 12/01/2021