Free Dark Web Report from Experian – Part Three

On Monday and Wednesday we took an in depth look at the free dark web scan being offered by Experian.  As we found out on Wednesday, I was not too impressed with the results of the free scan.  Better information is available from

What is Experian really offering?  The free scan just looked for the email address I provided, the same as HaveIBeenPwned.  But, for the low, low price of $9.99 per month, Experian will also provide an ongoing scan for email address, social security number, phone numbers, drivers license, medical IDs, bank accounts, credit and debit cards, and passports.  This would be a much more comprehensive scan, and frankly more valuable.

I decided to give the 30-day free trial a try.  In order to make this possible, I had to provide Experian with more personal information.  Of course, this information is probably going to be stored unencrypted in a poorly defended Experian web server that will be a magnet for cyber-criminals, but what of that?  Hmmm.

So using an alias, I started to fill out the four step form.  Step one collected name, address, phone and email information.  My fake address of 666 Armageddon Way was rejected as invalid, so I provided a real address that was not mine.  At step two, they wanted my social security number, date of birth, a user name and password to set up the Experian account, and credit card information for my subscription billing.  Being unwilling to provide SSN or credit card information, I stopped.  Presumably steps 3 and 4 would have you providing drivers license, bank, medical insurance, and passport information.

A quick search of reviews on Google confirmed this, although providing some of the information is optional.  But whatever you didn’t provide would not be searched for, so this would limit the effectiveness of the service.  Nowhere was I able to confirm if this information is to be stored in an encrypted form.  But I was able to confirm that this information will be used for marketing purposes by Experian, sister companies, and affiliates.  I was also able to confirm that any legal actions you might want to take against Experian for some future breach would be subject to arbitration.

So I am NOT recommending this service.  This is just not worth the risk, and there are other organizations that are security focused, not credit focused, that can provide this service.  At this time, I have nothing to recommend other than HaveIBeenPwned, but stay tuned.  This is an interesting service option that we may eventually need to have just like home, auto, and business insurance.  I will be looking for reliable alternative services, and report on them in the future.

More information:


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.