from Hacker News

Ask HN: How to monitor Darkweb if credentials of our SaaS product are leaked?

by v7engine on 10/13/23, 12:34 PM with 2 comments

We develop and maintain a SAAS product. Recently, we were notified by an online security provider that a user's credentials from our platform were exposed on the Dark Web. How can we proactively monitor the Dark Web for such incidents? Are there any subscription-based services available that offer continuous monitoring for this purpose?

  • by i-use-nixos-btw on 10/13/23, 1:00 PM

    It’s called the “Dark Web” for a reason. Monitoring tools may exist but they do not and can not cover every avenue, or even a small fraction of them.

    There may be scanners etc but I think your best bet is to ask the security provider for recommendations. They identified the issue and notified you - it sounds like they’re a third party worth keeping around.

    In the mean time, assume that creds can be stolen and there’s nothing you can do about it: what do you do about that? You have many options: rate limiting, IP checks, detecting unusual activity. I’d start there.

  • by DerekBickerton on 10/13/23, 6:29 PM

    If you have the time, you could download a few breach corpuses and do a manual search for creds. There's even a few clearnet breach forums that don't exclusively operate on the darkweb.