Tech giant Google says it will stop telling users of its ‘dark web report’ tool about data leaks as of February 2026, citing a lack of “helpful next steps” for those whose personal data appears on the dark web.
Launched in March 2023, the ‘dark web report’ tool was designed to help users keep track of their personal information as it appeared on the dark web.
The premise was simple: if Google found your name, address, email, phone number, or other sensitive details you wanted to monitor for a potential leak or data breach, you’d get a notification about your exposed data.
What started out as a premium service expanded to general access in 2024, but as of this week, Google has announced plans to dump the project.
“We are discontinuing the dark web report, which was meant to scan the dark web for your personal information,” Google said.
“While the report offered general information, feedback showed that it didn't provide helpful next steps.”
Lacking meaningful recourse for notified users, Google said it was discontinuing its ‘dark web report’ to instead focus on tools that give “more clear, actionable steps to protect your information online”.
“We'll continue to track and defend you from online threats, including the dark web, and build tools that help protect you and your personal information.”
The Australian Information Commissioner received over 1,100 data breach notifications in 2024, marking the highest breach tally since mandatory notifications started in 2018.
What to do after a leak
At the time of writing, Google gives users who appear on the dark web a breakdown of their exposed details, typically followed by some recommended actions to protect their data.
These often included general cybersecurity advice about changing passwords, enabling multi-factor authentication, monitoring impacted financial accounts, and freezing cards for impacted payment details, according to Guiding Tech.
Notably, however, Google could also monitor for more sensitive details – such as Social Security Numbers (SSNs) for US users – where broad stroke advice about password management wouldn’t offer much help.
Troy Hunt, founder of popular breach tracking platform Have I Been Pwned, explained to Information Age that in cases where a data leak wasn’t immediately actionable, there was still value in being aware of the exposed information.
“You have to look at it in two ways: the first being ‘is this information actionable?’, or rather, ‘what should people do?’
“SSNs in the US are a good example, because it’s often extraordinarily hard to change them outside of extenuating circumstances.
“The second lens to look at it through is whether there’s value in being informed, even if there’s no explicit action you can take.
“I would argue that every time someone finds out they’ve been in a dark web breach, they’re grateful for knowing.
“Conversely, if they’re not told — if an organisation suppresses it — they get pretty upset.
“To some extent, knowledge is power even if there is not a direct action available as a result.”
Dark web scanners falling like dominoes
Google’s announcement arrived only weeks after Mozilla, the not-for-profit software company and maker of web browser Firefox, revealed it was discontinuing its own leak scanning service Monitor Plus.
The service, which looked for personal information on illicit data brokering services, was officially discontinued on Thursday as the company moved to refocus its resources on “other privacy and security initiatives”.
“This shift will allow us to better serve our users and continue developing tools that have the greatest impact in helping people protect their digital lives,” wrote Mozilla, adding it will continue to offer a separate, free monitoring service.
Notably, online banking company Discover also announced plans to discontinue its similar ‘Online Privacy Protection’ product by mid-January.
“I find it interesting that two of the most dominant browser-makers are removing some of these features from their tools,” said Hunt.
“I suspect a lot of it, in both cases, is just focusing on core capabilities rather than doing stuff around the periphery — for which there are other services already available.”
