Dark-web and breach monitoring

The dark-web module checks whether your domains, employee emails, or company name appear in known breach corpuses or paste-site dumps.

What we use

• HaveIBeenPwned (HIBP) — domain search and email search.
• Public paste sites — Pastebin, Ghostbin, JustPaste, Throwbin (where API access permits).
• DeHashed-class providers — opt-in, requires API key.

What you see

• Breach hit — your domain or an employee email appeared in a public breach. Includes breach name, date, data classes exposed (passwords, addresses, hashed PII).
• Paste hit — your domain string appeared in a public paste. Often false positives, hand-reviewed for severity.
• Credential dump — email + password combo appears for one of your employees. Recommend immediate password rotation and SSO enforcement.

Privacy

We do not retrieve or store the actual leaked passwords. We only know "this email appeared in this breach" and surface that fact. The remediation is on your side: force password reset for that employee.

Frequency

Weekly for full domain sweeps; daily for opt-in employee-list monitoring.