Ask HN: How to monitor Darkweb if credentials of our SaaS product are leaked?
We develop and maintain a SAAS product. Recently, we were notified by an online security provider that a user's credentials from our platform were exposed on the Dark Web. How can we proactively monitor the Dark Web for such incidents? Are there any subscription-based services available that offer continuous monitoring for this purpose? It’s called the “Dark Web” for a reason. Monitoring tools may exist but they do not and can not cover every avenue, or even a small fraction of them. There may be scanners etc but I think your best bet is to ask the security provider for recommendations. They identified the issue and notified you - it sounds like they’re a third party worth keeping around. In the mean time, assume that creds can be stolen and there’s nothing you can do about it: what do you do about that? You have many options: rate limiting, IP checks, detecting unusual activity. I’d start there. If you have the time, you could download a few breach corpuses and do a manual search for creds. There's even a few clearnet breach forums that don't exclusively operate on the darkweb.