Over 105 million Americans could have a password exposed on the dark web

dark_web_passwords_ckImage: dark_web_passwords_ck
Editorial Note: Intuit Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. Information about financial products not offered on Credit Karma is collected independently. Our content is accurate to the best of our knowledge when posted.


According to new Credit Karma analysis, more than 105 million American adults have a password that could be found on the dark web.

Affecting nearly 42% of the total U.S. adult population, this is no small problem.

And it seems people with higher credit scores might be more at risk. Based on the analysis, about 62% of exposed passwords belong to Americans with scores of 660 or higher.

Additional key findings

Nearly 65 million Americans with scores 660 or higher have a password that could be found on the dark web.
Only about 3% of Americans with credit scores below 500 could have a password exposed on the dark web.
75% of Credit Karma’s more than 80 million members have been found in breaches both public and on the dark web, based on April data collected through Credit Karma’s identity monitoring tool.

The full breakdown

Of the more than 105 million people who could have passwords exposed on the dark web:

  • 3% have credit scores below 500
  • 18% have credit scores between 500 and 579
  • 17% have credit scores between 580 and 659
  • 32% have credit scores between 660 and 759
  • 30% have credit scores of 760 or above

What is the dark web?

Think of the dark web as the “unseen internet,” accessible only to those who have special software and a desire to move about online anonymously, without being traced.

If it sounds like a hotbed for criminal activity, that’s because it (mostly) is.

For sale on the dark web, you might find credit card numbers, hacked Netflix accounts, fake college diplomas, fake IDs, counterfeit money and, of course, people’s passwords and login credentials.

If that freaks you out, you’re not alone. ID theft is a top crime concern among people in the U.S. and the No. 2 highest reported crime.

And based on Credit Karma’s analysis, if you’re older than 18 and living in the U.S., there’s almost a 1 in 2 chance that one of your passwords is exposed on the dark web.

What you can do?

Is it time to panic? Not quite.

Even though the dark web sounds like a scary place (it’s even been used as the basis for horror movies), there are steps consumers can take to protect themselves and their information.

  • Create a strong password for each of your accounts. Ideally, you’d create one that uses random alphanumeric and special characters. On top of that, generally the longer your password is, the better. Using between eight and 15 characters (or more) can help. Also consider using a password manager, a secure tool that saves your passwords for you so you don’t have to remember them.


  • Check your financial accounts for suspicious activity. Regularly checking for any errors and suspicious transactions on your accounts is crucial to reducing the impact of ID theft. Review you credit reports, bank and credit card statements often. If you find any evidence of fraud, reach out right away to the appropriate financial institution and credit reporting bureau (or bureaus) to let them know what you found.


  • Enroll in an identity monitoring service. Consider enabling our free identity monitoring tool. With this tool, Credit Karma scans more than 13 billion breach records, both public and from the dark web, on behalf of our members.


  • Place a fraud alert on your credit reports. It’s free to place a fraud alert on your credit reports, and people can do this even if they only suspect their information has been compromised. You’ll only have to contact one of the major consumer credit reporting bureaus for a fraud alert; that bureau is required to contact the others with your request.


To arrive at a total U.S. figure for passwords exposed on the dark web, Credit Karma began by analyzing dark web password exposure for a majority of U.S. Credit Karma members by credit score range. Since not every American is a member of Credit Karma, we extrapolated the data of affected Credit Karma members to represent the wider U.S. population. Given Credit Karma’s large member base of more than 80 million, we made the assumption that the proportion of individuals who have a password exposed on the dark web is the same for both Credit Karma members and the broader U.S. population. We took each percentage of affected Credit Karma members by score band and multiplied it by the total number of Americans within that score band, based on a combination of data. All percentages have been rounded to the nearest whole percent.

About the author: Maizie Simpson leads the Content Strategy team and Data Journalism program at Credit Karma. Her team is dedicated to finding and publishing the human story behind financial stats and trends. To see a collection of the… Read more.