Google announced(neues Fenster) that its Dark Web Report feature will shut down on February 17, 2026, with scans ending on January 15. This means that Google will stop monitoring dark web sources for leaked personal data, and you will no longer receive alerts if your information is exposed as part of a data breach.

The company said it decided to remove the feature after feedback showed the Google Dark Web Report failed to provide useful follow-up steps. Despite reassurances that it will continue to protect users from online threats, the decision may give the impression that there is little you can do once your information is leaked online. Don’t worry, though: You’re not powerless, as there are things you can do to reduce the damage.

What is the Google Dark Web Report?

Launched in 2023, Google’s Dark Web Report is a security feature that consumer Google accounts can use to find out whether their personal information has appeared on the dark web as a result of data breaches or leaks. This can include names, email addresses, passwords, phone numbers, home addresses, and Social Security numbers. If Google finds a match, it alerts you and explains what information was exposed.

While the Dark Web Report feature is being discontinued, Google has not yet provided details about the next security tools it’s working on. However, given the company’s retreat from Privacy Sandbox initiative (an effort to replace third-party tracking cookies with privacy-focused ad tech) and the Gmail data breach in 2025, it’s understandable why some people may question how effective new measures will be.

What do you need to do with your Google account now?

If you have a Google account, there’s no immediate action you need to take. All data related to Google’s Dark Web Report will be wiped from its servers on February 16. This refers only to the data collected for the report itself, not the personal information stored elsewhere in your Google account.

The company recommends using its “Results about you” feature to find and request the removal of your information from Google Search. However, using that feature requires submitting more personal details to Google, which some people may be uncomfortable with. Even if that information is removed from Google Search, it may still appear in other search engines or on the original websites where it was published.

How to protect yourself after a data breach

Finding out your data may be circulating on the dark web doesn’t necessarily mean you’ll be hacked, but you should take a few basic precautions:

1. Change passwords on affected accounts

Start with the service involved in the breach, then update passwords anywhere else you reused them. Use a password generator to create strong, unique passwords, and a password manager to securely store them.

2. Turn on two-factor authentication (2FA)

Enable 2FA wherever it’s available, prioritizing sensitive accounts like email, banking, cloud storage, and social media. App-based authenticators or hardware security keys are more secure than SMS-based codes.

Proton Pass provides a built-in 2FA authenticator for all your stored accounts. It also alerts you to weak or reused passwords or accounts where two-factor authentication is turned off.

3. Monitor accounts for unusual activity

Watch for login alerts, password-reset emails you didn’t request, unfamiliar sign-in devices, or transactions you don’t recognize, especially in financial accounts.

With Proton Pass, you can review active sessions and revoke access from devices you don’t recognize, or log out of all sessions except the current one. For more protection, enable our Proton Sentinel high-security program designed to prevent account takeover attempts.

4. Be cautious of phishing attempts

Data from breaches is often used for targeted scams. Be skeptical of emails or texts that reference personal details or pressure you to act quickly, such as messages claiming to be from Gmail or a bank asking you to reset your password. If in doubt, verify the message by contacting the company directly through its official website or app, not through the contact information provided in the message.

5. Remove unnecessary personal information online

Delete old accounts and limit the amount of identifying data visible on public profiles, forums, and data broker websites. Removing personal information from the internet won’t erase past breaches, but it can reduce future exposure.

6. Watch your financial and credit information

If your financial data or Social Security numbers were exposed, consider placing a fraud alert or credit freeze with major credit bureaus. Plus, you should regularly review bank and credit card statements for unauthorized charges.

Choose privacy-first tools for breach monitoring and alerts

Like Google’s retreat from the Privacy Sandbox initiative, ending its Dark Web Report tool is a reminder that security and privacy tools can disappear when they aren’t foundational to a company’s business.

If you want something more consistent and with a clearer commitment to putting your privacy first, Proton Pass takes a different approach. Our Dark Web Monitoring tool isn’t an add-on or a temporary feature, but part of how our password manager is designed, with features that alert you when your information shows up in known breaches and help you respond before that data is abused.

We’ve also built the Data Breach Observatory to look for leaked data on the dark web as it appears, rather than wait for companies to announce breaches, giving you more time to lock down your privacy and security settings.