Are your personal details for sale on the Dark Web?

The internet is central to our lives. We use it in both our work and personal capacity while browsing for information, exchanging messages and making connections. We also use it for e-commerce and social media, so it’s become inevitable that we’ll need to disclose some personal details online in certain cases.

That’s why we use passwords and encryption – to keep our data safe. But a chain is only as strong as its weakest link. Even though you might take every precaution to keep information secure on your personal and business devices, other networks that have been given your personal data need to be just as secure to protect your information properly. A third-party breach – like the Facebook data theft of March 2021 – could see your information stolen, exposing you to the nightmare of identity theft.

Identity theft can ruin your life

Unfortunately, there is a thriving criminal market for stolen personal data on the Dark Web. Once they have enough of your personal details, cybercriminals can create fake identities in your name. This might allow them to commit fraud directly against you, by accessing your online accounts to withdraw money, but it could also allow them to commit criminal acts in your name.

Your stolen identity might be used to buy drugs, arms or other illegal items online, or you could be signed up for credit cards and store accounts that fraudsters then max out, leaving the unpaid debt to destroy your credit score. You could be signed up as the director of a front company, which is a company disguised as a legitimate business to hide their criminal financial activities like money laundering. There are many ways your information can be valuable to such criminals online.


The Deep Web is the 96% of the internet that cannot be accessed by random browsers using ordinary search engines


The worst part is that you may not even be aware that your personal information has been harvested illegally and is now for sale on the Dark Web. You need to check up on this yourself, and if you find your data has been compromised, take certain steps to protect your identity online.

We’ll explain how to do that shortly, but first we should define what we mean by ‘the Dark Web’. According to the Center for Internet Security (CIS), there are actually 3 layers to the internet: the Surface Web, the Deep Web and the Dark Web.

What’s the difference between the Surface, Deep and Dark Webs?

  • The Surface Web is what we think of as ‘the internet’ in our regular daily activity. It’s available to anyone with a connected device using standard search engines and web browsers like Google Chrome, DuckDuckGo, Firefox, Internet Explorer or Edge. It makes up just 4% of the internet.

  • The Deep Web is the 96% of the internet that cannot be accessed by random browsers using ordinary search engines. Mostly, this is not because they contain anything illegal or subversive. They are in the Deep Web because ordinary users simply don’t need to access them. For example, many Deep Web sites are storage databases for content and data that support services we use online, like social media or banking sites. Only certain users with authenticated permissions can access these sites to update them. Deep Web users don’t browse. They will type in a specific URL or IP address to access Deep Web services and sites, and they will need to log in with authentication like a password. Some pages don’t appear on the Surface Web because they don’t use common domains like .com, .gov or .edu, so search engines ignore them. A site can also be on the Deep Web because its creators have explicitly blocked search engines.

  • The Dark Web, according to CIS, ‘is a less accessible subset of the Deep Web that relies on connections made between trusted peers and requires specialised software, tools, or equipment to access. Two popular tools for this are Tor and I2P. These tools are commonly known for providing user anonymity. Once logged into Tor or I2P, the most direct way to find pages on the Dark Web is to receive a link to the page from someone who already knows about the page. Malicious actors use the Dark Web to communicate about, sell, and/or distribute illegal content or items such as drugs, illegal weapons, malware, and stolen data such as your full name, home address, credit card information, ID numbers, driver’s licences and so on. However, just like the Surface Web, there are several legitimate activities on the Dark Web as well, including accessing information, sharing information, protecting one’s identity, and communicating with others. Many news organizations operate on the Dark Web to protect confidential sources.’

What to do if your personal information ends up on the Dark Web

You can check if anyone is selling your personal details without venturing onto the Dark Web itself, on this site: Have I Been Pwned. You can also sign up on this site to be notified when your email address appears in future dumps on the Dark Web. It’s worthwhile to run this check occasionally, even if you have no reason to suspect your data has been exposed. You can search multiple data breaches to see if your email address or phone number have been compromised.


Be vigilant about your data and avoid falling victim to cybercrimes like phishing


If you do find your information being sold on the Dark Web, you will need to block access to your data immediately by changing your passwords and possibly even closing some accounts to open new, secure ones. Encrypt your data and back it up regularly to password-protected storage.

You should also apply for a free protective registration listing with the Southern Africa Fraud Prevention Service (SAFPS) immediately. The SAFPS alerts members, including banks and credit providers, that a member’s identity has been compromised and that credit providers must take additional care to confirm that they are transacting with the legitimate identity holder. You can apply for a protective registration by contacting the SAFPS.

Data privacy tips for South African citizens

Be vigilant about your data and avoid falling victim to cybercrimes like phishing. Keep your online data safe with these practical tips:

  • Use a browser that supports data privacy, like DuckDuckgo.

  • Use multi-factor authentication wherever possible.

  • Use unique passwords for all your accounts that contain information that you consider private.

  • Close accounts for services that you no longer use and delete unused apps on all your devices.

  • Regularly update your device software and applications.

  • Manage your privacy settings on all your devices and applications and give only the minimum data and permissions needed to use the service.

  • Avoid oversharing on social media and other platforms. If you feel compelled to share a photo of a cute animal in the game reserve, for example, wait a while before posting the picture – and be sure to remove any geotag information from the photo or video before you post it.

  • Do not use public wi-fi offerings. We know this tip may not be a practical reality for some people. However, if you have no other option but to use public wi-fi offerings, do not perform any transactions on them that might expose your private data.

  • Encrypt your data and back it up regularly to password-protected storage.

  • To guard against identity theft, conduct a credit check on your name at least once a month. You can check your credit score for free anytime you like on the Nedbank Money app.