Google will reveal which of your personal data has been leaked online.
Google is making its Dark Web Report available to hundreds of millions of users with a free Google account — and that means you’ll soon learn where your personal data has been leaked online.
Until now, Google’s Dark Web Report was only available to customers who paid for a Google One account. As of the end of this month, however, Google is making the service available to anyone with a Google Account, paid or not.
This means hundreds of millions of people will now receive an alert when their email address, date of birth, passwords and other sensitive data has been exposed as part of a data breach.
Here’s the kind of information the report can reveal about you.
How the Google Dark Web Report works
To find out if your information has been part of a data breach, you first need to create what Google calls a monitoring profile.
By default, this includes your name, date of birth, and Gmail address. Google also allows you to add other information to your monitoring profile, including your mailing address, additional email addresses, and phone numbers.
After entering this information, Google searches for matches in data that has been published on the dark web as a result of data breaches.
You get an instant summary of how many data breaches your data has been involved in and what type of information has been leaked, as shown below.
Google reveals how many times your personal data has been leaked.
You can click on each of these categories to find out which specific leaks contain your personal information.
For example, the screenshot below shows a summary of the information that was captured about me as part of the MGM data breach that was disclosed last year.
The Dark Web Report reveals what details were leaked in each attack
This information is not necessarily accurate or up-to-date, which is why Google masks some of the details.
How to use the Google Dark Web Report
There really isn’t much you can do if the Google Dark Web report reveals that details like your postal address or date of birth have been leaked in an attack. It would be pretty extreme to move just because your address has expired, not like changing your date of birth.
You can change your email address, and some privacy-conscious people periodically change their email addresses to improve security and reduce spam. However, given that so many online accounts are associated with an email address, this will involve at least a degree of admin while you update the accounts to your new address.
It might be wise to use a portable webmail account to sign up for everyday web services that require an email address, and then use a more permanent address (perhaps one associated with a domain you own) for more sensitive accounts such as online banking and government websites.
The big one to pay attention to and act on immediately is passwords. If the Google Dark Web report reveals that your password was compromised in an attack, you can click to see exactly which password was leaked. Google will only reveal a few characters of each leaked password for security reasons, but that should be enough to confirm if you’ve used it regularly or (worse) across multiple sites.
Make sure you change any breached password immediately. I highly recommend using a password manager like the free Bitwarden to make sure you have strong, unique passwords for every site you sign up to, so that if a password is leaked from one site, the damage is limited.
How to get the Google Dark Web report
Google’s support page says that the Dark Web Report “will become available to all users with a Google user account” from the end of July.
It’s not yet clear where it will appear, but the security section of your Google My Account page would be a good place to start looking.
