You have probably heard the term "dark web" in news reports about data breaches, cybercrime and identity theft. But what is the dark web, what actually happens to your personal data when it ends up there, and how can dark web monitoring services — now included in many antivirus suites — protect you? This article explains everything you need to know.

What is the Dark Web?

The internet can be divided into three broad layers. The "surface web" is what most people use every day — websites indexed by Google, Bing and other search engines. The "deep web" refers to content that is not indexed: your email inbox, online banking portal, medical records, corporate intranets and similar private content. The "dark web" is a small portion of the deep web that requires special software (most commonly the Tor browser) to access and that is specifically designed to be difficult to monitor or trace.

While the dark web has legitimate uses — journalists communicating with sources in repressive regimes, political activists in authoritarian countries — a significant portion of its activity involves criminal marketplaces where stolen data, hacking tools, counterfeit documents, drugs and other illicit goods are traded.

What Happens to Your Data in a Breach?

When a company — a retailer, a bank, a health service, a social media platform — suffers a data breach, the stolen data typically follows a predictable path:

• Initial exploitation: The attacker uses the stolen credentials immediately for the most valuable accounts — banking, email, cryptocurrency wallets.
• Sale on dark web marketplaces: The bulk of stolen data is packaged and sold on dark web forums and marketplaces, often within hours of the breach. Prices vary based on the type of data: full credit card details with CVV and billing address, known as "fullz," typically sell for $10–$30 per record; login credentials for accounts linked to financial services command higher prices.
• Credential stuffing attacks: Automated tools use stolen email/password combinations to attempt logins across hundreds of popular websites simultaneously, exploiting the fact that many people reuse passwords.
• Identity fraud: Sufficiently detailed personal information can be used to open fraudulent bank accounts, apply for credit, file false tax returns or commit other forms of identity theft.

The scale of the problem is staggering. The website HaveIBeenPwned, which tracks publicly disclosed breaches, currently indexes over 14 billion compromised accounts. Billions more credentials circulate on dark web forums that are never publicly disclosed.

How Does Dark Web Monitoring Work?

Dark web monitoring services employ a combination of automated crawlers, human intelligence and partnerships with law enforcement and cybersecurity organisations to continuously scan dark web marketplaces, paste sites (where stolen data is often publicly posted), and private hacker forums for personal information.

You register the personal details you want monitored — typically your email address(es), and in more comprehensive services your phone number, national ID numbers, credit card numbers, bank account details and home address. When a match is found, you receive an immediate alert detailing what was found and where, along with recommended actions.

What Should You Do When You Receive a Dark Web Alert?

• Change the affected password immediately: If a password has been exposed, change it on every site where you use it — then stop reusing passwords by switching to a password manager.
• Enable two-factor authentication (2FA): Even if an attacker has your password, 2FA prevents them logging in without also having access to your phone or authentication app.
• Monitor your financial accounts: If credit card or bank details were exposed, contact your bank, monitor your statements carefully and consider requesting a new card or account number.
• Place a credit freeze: If your Social Security number or national ID was exposed, a credit freeze (available free through the major credit bureaus) prevents criminals from opening new credit accounts in your name.

Which Antivirus Products Include Dark Web Monitoring?

Dark web monitoring is now included as a standard feature in several major antivirus suites:

• Norton 360: Monitors email addresses, phone numbers, credit card numbers, bank account numbers and more. Available across most Norton 360 plans.
• McAfee Total Protection: Includes 24/7 identity and dark web monitoring with real-time breach alerts. Higher-tier plans add identity theft insurance and restoration support.
• Bitdefender Total Security: Data Breach Detection included, monitoring your email addresses against known breach databases.
• Trend Micro Maximum Security: ID Protection feature includes dark web monitoring for US and Canadian customers.
• Avira Prime: Dark web scanning for monitored email addresses included.
• Panda Dome: Dark web scanner checks if your registered email addresses have appeared in known breaches.

Is Dark Web Monitoring Worth It?

Given the scale and frequency of data breaches — and the speed with which stolen data is monetised — dark web monitoring is one of the most practically valuable features in a modern security suite. The alternative is finding out that your credentials have been compromised the hard way: when your bank account is emptied, your email is taken over, or you are contacted about a loan you never applied for.

Because dark web monitoring is now included as standard in most premium antivirus plans at no extra cost, there is little reason not to activate it. If you are not currently using a security suite that includes this feature, it is worth considering an upgrade.