How to monitor Darkweb if credentials of our SaaS product are leaked?

Question

We develop and maintain a SAAS product. Recently, we were notified by an online security provider that a user's credentials from our platform were exposed on the Dark Web. How can we proactively monitor the Dark Web for such incidents? Are there any subscription-based services available that offer continuous monitoring for this purpose?

i-use-nixos-btw · Accepted Answer

It&rsquo;s called the &ldquo;Dark Web&rdquo; for a reason. Monitoring tools may exist but they do not and can not cover every avenue, or even a small fraction of them.There may be scanners etc but I think your best bet is to ask the security provider for recommendations. They identified the issue and notified you - it sounds like they&rsquo;re a third party worth keeping around.In the mean time, assume that creds can be stolen and there&rsquo;s nothing you can do about it: what do you do about that? You have many options: rate limiting, IP checks, detecting unusual activity. I&rsquo;d start there.

DerekBickerton · Answer

If you have the time, you could download a few breach corpuses and do a manual search for creds. There's even a few clearnet breach forums that don't exclusively operate on the darkweb.