Google Discontinues Dark Web Report Service
Google announced the discontinuation of its Dark Web Report service, which alerted users when their personal information appeared in data breaches or on the dark web. The service, launched in 2023, was designed to notify users about exposed user IDs, passwords, and other sensitive data, but Google stated that user feedback indicated the reports lacked actionable next steps. As a result, Google will cease scanning the dark web for new breaches on January 15 and will stop reporting findings on February 16, 2026.
Users are being directed to alternative tools such as Google's security checkup, passkey features, password manager, and the 'Results about you' tool, which flags personal information found in Google Search results. Google also suggested that users seeking similar dark web monitoring services consider third-party providers like Experian, Equifax, Illion, and TransUnion. The move reflects a shift in Google's approach to user security, focusing on providing more actionable guidance rather than general breach notifications.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Texas sues smart TV makers over alleged unlawful data collection
Texas filed lawsuits against Sony, Samsung, LG, Hisense, and TCL, alleging the companies used automated content recognition technology to collect user viewing data without proper consent. The legal action targeted data collection practices tied to smart TVs.
Royal Cornwall Hospitals Trust exposes staff records in FOI response
The Royal Cornwall Hospitals Trust in the UK accidentally disclosed thousands of staff records while responding to a Freedom of Information request. The incident highlighted continuing data protection weaknesses in handling sensitive personnel information.
Wiz cloud hacking contest uncovers multiple critical zero-days
A cloud security competition hosted by Wiz in London led researchers to identify numerous critical zero-day vulnerabilities in core cloud infrastructure components. Successful live exploits were reported against Redis, PostgreSQL, MariaDB, and Linux, with a high success rate during the event.
French police arrest hacker over Interior Ministry email breach
French law enforcement arrested a 22-year-old alleged hacker accused of breaching the Interior Ministry's email server and accessing sensitive files, including criminal records. The arrest was described as having happened quickly after the intrusion.
Google discontinues Dark Web Report service
Google decided to shut down its Dark Web Report feature, which had alerted users when their personal information appeared in dark web breach data. The company cited the limited actionable advice it could provide to users as the reason for ending the service.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Google Discontinues Dark Web Report Feature for Users
Google has announced the discontinuation of its "dark web report" feature, which notified users when their personal information, such as email addresses, was found on dark web forums and marketplaces. The feature, initially launched for Google One subscribers in 2023 and later expanded to all users, will stop monitoring for new results on January 15, 2026, and all associated data will be unavailable from February 16, 2026. Google cited user feedback indicating that the reports did not provide actionable next steps, leading to the decision to sunset the service. While the dark web report provided users with lists of potentially compromised data, Google stated that it will shift focus to other security tools that offer more direct and actionable protection, such as Google Password Manager and Password Checkup. The company emphasized its ongoing commitment to defending users from online threats, including those originating from the dark web, and plans to continue developing tools that help safeguard personal information online.
Mar 21, 2026
Google Search Expands Removal Tools for Non-Consensual Explicit Imagery and Exposed Government ID Numbers
Google rolled out expanded Search controls aimed at reducing harm from **non-consensual explicit imagery** (including AI-generated deepfakes) and exposure of **sensitive personal identifiers**. Users can now request de-indexing of explicit images of themselves directly from Search results (e.g., via the three-dot menu → `Remove result` → “It shows a sexual image of me”), submit multiple images in one request, indicate whether content is real or a deepfake, and access links to legal and emotional support resources during the process. Google also added an opt-in safeguard intended to proactively filter similar explicit results from appearing in future searches. Google also enhanced the *Results about you* hub to monitor and help remove Search results containing government-issued ID numbers, including **Social Security numbers**, **driver’s license numbers**, **passport numbers**, and similar identifiers. Users provide the contact details and ID numbers they want monitored; when matching results appear in Search, Google notifies the user so they can request removal. Google emphasized that removing a result from Search does not delete the underlying content from the web, and that requests are subject to internal security/privacy checks to reduce misuse.
Mar 21, 2026
Google expands Search removals for personal IDs as scrutiny grows over government data demands
Google is expanding its *Search* “Results about you” removal tools to let users request takedowns of additional sensitive content appearing in search results, including **government-issued IDs** (e.g., passport, driver’s license, and Social Security number) and **explicit images**. The feature is rolling out in the US first and requires users to provide the same categories of personal data to Google so it can proactively scan for matches and notify users when the information appears, enabling a removal request. Separately, reporting said Google provided **personal, account, and financial metadata** about a student journalist to **U.S. Immigration and Customs Enforcement (ICE)** in response to an **administrative subpoena** that was not judge-approved and reportedly included a gag order. The disclosed data allegedly included usernames, physical addresses, IP addresses, phone numbers, subscriber identifiers, and linked payment details (credit card and bank account numbers), highlighting how administrative subpoenas can be used to obtain identifying information from tech providers even when they cannot compel disclosure of content like emails or search history.
Mar 21, 2026