Part of this week’s news includes yet another major data leak — this time involving AT&T, which announced that account information for 7.6 million current and 65 million former customers was released on the dark web in mid-March. Details consist of full names, email addresses, home addresses, phone numbers, dates of birth, account numbers and passcodes, and social security numbers.
But a relative of mine got a warning much sooner about being caught in that group of 72.6 million people. On March 22, an email from Google hit their Gmail inbox, with a simple subject line: “You have new dark web results.”
Clicking the link brought them to their Google One dark web monitoring results page, which showed not just what info triggered the alert, but affiliated data also found in the results. While their social security number wasn’t part of their monitoring profile, they still got the comprehensive overview of what leaked.
As a result, they were ready late last week with already completed credit report freezes, password update, and also passcode change when AT&T finally broke its silence. They even had time to help other family members and chat with me about their experience. Previously, I’d only seen Google One report on data breaches and leaks I’d long known.
The only drawback of using Google’s dark web monitoring is that it’s not free — Google One plans start at $20 per year. But it can be shared with up to five other users, each able to set their own profile for dark web monitoring. And of course, these subscriptions come with increased cloud storage — their main selling point.
Having a source of timely security info can be invaluable, though, given how commonplace big data leaks and breaches are nowadays. If Google’s offering isn’t to your taste, similar alternatives exist, like within antivirus software. If you’re already paying for one of the better suites (like our current top pick, Norton 360 Deluxe), it’ll keep track of the same kind of info as Google One. However, none of the antivirus plans that I’ve tested so far were as fast to raise a flag as Google.
Even if you don’t use a paid dark web monitoring service, you can be proactive about your online security by using unique strong passwords (which thwart credential stuffing attacks), using two-factor authentication (which prevent access to your account even if someone knows the password), and not using easily discovered information as the answers for security questions (better to treat them as secondary passwords). Tools like a good password manager can make these steps easy to manage.