We are discontinuing the dark web report
38 comments
·December 15, 2025prepend
thesuitonym
I never got the Google dark web reports, but my credit card used to send me reports constantly saying that my email address was 'found on the darkweb.' Okay, that's not useful information. If it showed me if there were associated passwords, that might be helpful, but just saying my address was found on the darkweb is meaningless. My email address is public information.
The worst part is, it was an email address I hadn't used in about 10 years, and they wouldn't let me take it out of the report.
deepsun
Well you could change the email address you use for the financial services only, and keep it secret. Then it would be harder to impersonate you.
placatedmayhem
Or, use a service that lets you generate an address for each business you deal with or use case you have so you can treat them as disposable. After chasing down spammers and companies selling my info, including my email, I found this was easier to keep up with and is more effective. Spam me once or sell it to another company, and I burn that address, replacing it with the original company if I really need them to keep in contact.
password-app
Google discontinuing this is unfortunate timing given the recent breach surge (700Credit, SoundCloud, LinkedIn leak).
Alternatives: haveibeenpwned.com (free), 1Password Watchtower, Bitwarden breach reports.
The harder part isn't knowing about breaches—it's actually rotating passwords afterward. Most people know they should but don't because it's tedious.
Automated rotation tools are emerging but need careful security architecture (local-only, zero-knowledge) to avoid creating new attack vectors.
levocardia
I might be misremembering this but FWICR on Chrome it would link your saved passwords with the dark web report, and automatically recommend you change any account that had the same password as the "pwned" account found in the dark net. Was pretty useful.
permo-w
Apple has this feature on iOS. no idea where they source the info from, but in your keychain it will say something like "this password has appeared in a data leak"
MinimalAction
While this was a free service and thus Google is under no obligation to continue offering this service, this is still quite sad. They could have atleast bundled it for some tier of Google One paid subscription.
therein
It was as inactionable and useless as the ones that ID.me or whatever sends. Also calling it Dark Web report always felt super insincere. It had nothing to do with the "dark web", that just served a way to make it sound cooler and more hackery. Aren't we talking about something that's equivalent to HaveIBeenPwned?
mholt
Discover (Card/Bank) also announced recently that they are stopping their dark web report service. I wonder if they just used Google, or if it's a coincidence...
rolph
dark web reports in general, seem to be a funnel for paid "security" and monitoring services, VPNs AV suites, typically you review your passwords for strength and redundancy, then you are redirected to buy some service, that ultimately looks like a data hoover, and put everything in a cloud scheme. now we have AI and FOMO to hook and reel in, seemingly more effective than darkweb boogeymen for adoption and revenue.
xxmarkuski
I set it up for an old Google account that has been breached. It did a relatively good job, but HIBP has more data in my experience, albeit it mainly looks at emails, whereas Google's report can do lookups by full name, address, and phone number. I think it was useful, but did not get enough love to be like a second HIBP.
bflesch
Can one of the good souls at google please donate the data to archive.org?
Mistletoe
The email about this went to my spam folder on Gmail. Ok, come on Google.
pluto_modadic
huh. did their source / login get burned?
arccy
did anyone ever get a report? i never got anything at all...
breppp
yes, it was a cool feature showing which of your data has leaked and in what leak
I remember email and phone being the major ones. A kind of improved haveibeenpwned
lavezzi
yes, but recent alerts don't seem to be reporting properly, which now makes sense given the news.
tonytamps
always with 2 days of a HIBP email
I found the info not actionable because it wouldn’t say what actual values were posted.
I have a common name Gmail account. The password is rather complex and I would be surprised if it leaks as only I and Google know it. However, I would get reports that it’s on the dark web with blanked out password values. So I never knew if they actually compromised or just something else.
They would also report when some random site that used my Gmail address as user id was on the darknet that I don’t care about. I don’t care if my fidofido account is leaked. I never use it and if I did, then I would reset.
I think if the data were useful Google would have kept this up.
I bet they keep tracking though, just keep the reports internal.