Dark Web Monitoring FAQ
Dark Web Monitoring FAQ
You
are likely seeing this article because
your email (or an email you are
responsible for) and an associated
password or PII was discovered in a data breach.
If you are still using the password
indicated in the alert, or still active on
the website indicated, we recommend
changing the password.
Q: The alert is about a password I use, what should I do?
When you recognize the password or the website associated with the breach, you should update the password immediately across all sites with the same password. Ideally, every website should have a completely unique password.
Q: Why are we receiving alerts about a
former employee’s email address?
Sometimes alerts
come through associated
with users that no longer
with your company.
Historic accounts that
were used at cloud
providers like
linkdin.com, target.com,
amazon.com etc; cannot be
deactivated when a former
employee’s email is turned
off. As such, when a
website/cloud provider has
a breach, those
***@yourdomain.com will be
discovered and reported by
our
system.
When this happens,
we will still send you the
alert to evaluate whether
the former employee’s
login at that site is a
risk. In most cases it
will not be. In the rare
case that the login is
still relevant, the
password should be
changed.
Example of a
relevant
alert: A former
employee set up an account
for stamps.com and it is
now used by everyone in
the company. Those would
be important to fix. Items
like facebook.com,
linkdin.com, etc, can
usually be
ignored.
Q: Can we stop receiving alerts from
former employee’s email addresses?
Unfortunately, no.
Alerting can only be set
up on a domain-wide basis.
Any compromise containing
your company’s domain will
generate an
alert.
Q: Why does the alert only show an
encrypted password (long string of
letters, numbers and symbols)?
Some alerts will
generate with the
passwords showing as a
string of letters, numbers
and symbols. This means
the passwords were
compromised in an
encrypted form. The
password itself was not
exposed, but if someone
has the “key” to that
encryption, they would be
able to figure it out. We
still advise changing the
password for sites like
that
Q: Why does the password say, “Not
Disclosed”?
Some passwords on
the report state “Not
Disclosed”. This can mean
two
things:
- The
email address was found in
a database not associated
with a login specific
website,
- or
the compromised
information was personal,
ie: first name, last name,
address, phone number, but
the password itself was
not
found.
Unfortunately, the
databases are not always
specific enough to include
which website was
breached. These
breaches are listed just
to make you aware that the
information out there.
Some of the compromised
information provided does
not always have an
actionable response.
Vigilance and training are
the most effective ways to
prevent compromised
personal information from
being used against
you.
Q: What does “PII HIT” mean?
Some compromises on
the report state “PII”
(personally identifiable
information).
This can include
things like name, birth
date, place of employment,
etc. from websites like
facebook or linkedin. This
information is reported
because personal data can
be used to format more
personalized phishing
emails or other
scams.
Unfortunately, the
databases are not always
specific enough to include
which website was
breached. Some of the
compromised information
provided does not always
have an actionable
response. Vigilance and
training are the most
effective ways to prevent
compromised personal
information from being
used against
you.