Proton

Introducing Dark Web Monitoring for credential leaks

Your email address is your online identity(new window), and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches affecting online services are increasingly common, with tens of billions of records already leaked this year to the dark web, where credentials are often bought and sold.

If your credentials leak, timely alerts are critical so you can take action to secure your accounts, prevent identity theft, and avoid financial losses. In recent months, we’ve released multiple security features designed to fortify your digital identity against attacks, and today we’re excited to launch another feature for everyone with a paid Proton plan: Dark Web Monitoring for credential leaks. You’ll find it in our new Security Center(new window) in Proton Mail, and in your Security and Privacy settings. 

Dark Web Monitoring scans hidden parts of the internet for Proton Mail email addresses that have ended up in illegal data markets. If our system detects a breach that affected one of your accounts used to sign up to a third party website, you’ll receive a Security Center alert along with actions you can take to mitigate the risk.

Data breaches have become unavoidable

The number of data breaches in the USA alone exploded from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people. In January 2024, researchers found a database exposing more than 26 billion records. Known as the “Mother of all Breaches(new window)”, it contained records from thousands of previous breaches. 

Such data is often offered for sale to criminals on a part of the internet known as the dark web(new window), a small portion of the deep web that’s inaccessible with standard web browsers and requires special software. While the dark web can be an invaluable connection to the outside world for those living under repressive regimes, its encrypted nature makes it the perfect place to hide a cybercrime hub. 

With so many data breaches, including of major websites generally considered safe, protecting your accounts is no longer a question of whether your credentials will leak, but whether you are prepared with additional safety measures in place to prevent damage. Proton offers a robust safety net to protect our community, of which Dark Web Monitoring for credential leaks is just the latest example.

How does Dark Web Monitoring work?

Proton’s dark web detection continuously scans dark web hubs associated with illicit activities, such as hacking forums and markets, searching databases for emails contained in data breaches that use any of Proton’s 19 email domains (for example, @pm.me, @protonmail.ch, etc.) as well as any other information associated with those email addresses (like stolen credit card details, for example). We use our own threat intelligence datasets that are also enriched with data from Constella Intelligence(new window), a leader in digital threat management. No user data is ever shared with third parties, but we do analyze reports from third parties any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass alias.

Our system will alert you if it finds leaked details of any of your accounts for third party websites. You’ll receive comprehensive information about the breach, including what data was compromised and the affected service, if available. Additionally, we explain what you can do to safeguard your digital identity and minimize the risks of future breaches.

Know which accounts needs protecting

Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed(new window) (for example, using MD5). 

Orange notifications show breaches that affected your accounts but where either no password was leaked, or where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.

The future of Dark Web Monitoring

This is just the beginning of our plans for the Dark Web Monitoring feature. In the future, we aim to watch out for more of your data and notify you on your mobile device as well.

Notifications

Dark Web Monitoring will soon send notifications to your Android or iPhone so you can take action on affected accounts more quickly.

Custom domain monitoring

In addition to monitoring for Proton Mail email addresses found in data breaches affecting third-party websites, we will also detect breaches that affect custom domain emails(new window), so that professionals and organizations that use Proton Mail also have comprehensive protection for all their associated accounts and sensitive data.

Monitoring of external email addresses

Recognizing the interconnected nature of online identities, Proton will also expand Dark Web Monitoring to optionally include recovery email addresses, as well as Proton VPN, Proton Drive, and Proton Pass accounts registered with external email addresses(new window).

Comprehensive data security

In an era where data breaches and identity theft have unfortunately become increasingly prevalent, Proton is doubling down on security features. Our Proton Sentinel high-security program(new window) combines machine learning and human security analysts to monitor for account takeover attacks and shut them down swiftly. We also offer the ability to generate hide-my-email aliases in Proton Mail(new window), which you can use when creating new accounts. You’ll receive email as normal through these aliases, but if one is ever exposed in a data breach, you can delete it and create another without ever revealing your true email address. We also strongly recommend setting up multi-factor authentication(new window) for all your online accounts and using strong, unique passwords(new window).

You may not be able to avoid data breaches, but thanks to Dark Web Monitoring and other Proton security features, you can mitigate risks and stay in control of your digital identity.

Related articles

Email etiquette: What it is and why it matters |
Find out what email etiquette is with key rules and examples, why it is important, and how Proton Mail can help.
A cover image for a blog about how to create an incident response plan that shows a desktop computer and a laptop with warning signs on their screens
Do you have an incident response plan to protect your business from financial and reputational damage? Find out how Proton Pass for Business can help you stay safe.
Shared with me in Proton Drive for desktop user interface
  • For business
  • Product updates
  • Proton Drive
We've improved Proton Drive for Windows to make it easier to securely collaborate with others from your desktop.
Smart glasses that have been modified for facial surveillance and dox you in real time, finding your personal information after seeing your face.
Students modified smart glasses to find someone’s personal data after just looking at them. This is why we must minimize data collection.
The cover image for a blog explaining what password encryption is and how Proton Pass helps users with no tech experience benefit from it
Password encryption sounds complicated, but anyone can benefit from it. We explain what it is and how it’s built into Proton Pass for everyone to use.
How Proton can help with DORA compliance
We look at how DORA will affect your organization and how Proton’s services can help you meet its compliance requirements.