Ask HN: How to monitor Darkweb if credentials of our SaaS product are leaked?

[v7engine]

We develop and maintain a SAAS product. Recently, we were notified by an online security provider that a user's credentials from our platform were exposed on the Dark Web. How can we proactively monitor the Dark Web for such incidents? Are there any subscription-based services available that offer continuous monitoring for this purpose?

[i-use-nixos-btw]

It’s called the “Dark Web” for a reason. Monitoring tools may exist but they do not and can not cover every avenue, or even a small fraction of them.

There may be scanners etc but I think your best bet is to ask the security provider for recommendations. They identified the issue and notified you - it sounds like they’re a third party worth keeping around.

In the mean time, assume that creds can be stolen and there’s nothing you can do about it: what do you do about that? You have many options: rate limiting, IP checks, detecting unusual activity. I’d start there.

[DerekBickerton]

If you have the time, you could download a few breach corpuses and do a manual search for creds. There's even a few clearnet breach forums that don't exclusively operate on the darkweb.