Proton

Your email address is your online identity(new window), and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches affecting online services are increasingly common, with tens of billions of records already leaked this year to the dark web, where credentials are often bought and sold.

If your credentials leak, timely alerts are critical so you can take action to secure your accounts, prevent identity theft, and avoid financial losses. In recent months, we’ve released multiple security features designed to fortify your digital identity against attacks, and today we’re excited to launch another feature for everyone with a paid Proton plan: Dark Web Monitoring for credential leaks. You’ll find it in our new Security Center(new window) in Proton Mail, and in your Security and Privacy settings. 

Dark Web Monitoring scans hidden parts of the internet for Proton Mail email addresses that have ended up in illegal data markets. If our system detects a breach that affected one of your accounts used to sign up to a third party website, you’ll receive a Security Center alert along with actions you can take to mitigate the risk.

Data breaches have become unavoidable

The number of data breaches in the USA alone exploded from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people. In January 2024, researchers found a database exposing more than 26 billion records. Known as the “Mother of all Breaches(new window)”, it contained records from thousands of previous breaches. 

Such data is often offered for sale to criminals on a part of the internet known as the dark web(new window), a small portion of the deep web that’s inaccessible with standard web browsers and requires special software. While the dark web can be an invaluable connection to the outside world for those living under repressive regimes, its encrypted nature makes it the perfect place to hide a cybercrime hub. 

With so many data breaches, including of major websites generally considered safe, protecting your accounts is no longer a question of whether your credentials will leak, but whether you are prepared with additional safety measures in place to prevent damage. Proton offers a robust safety net to protect our community, of which Dark Web Monitoring for credential leaks is just the latest example.

How does Dark Web Monitoring work?

Proton’s dark web detection continuously scans dark web hubs associated with illicit activities, such as hacking forums and markets, searching databases for emails contained in data breaches that use any of Proton’s 19 email domains (for example, @pm.me, @protonmail.ch, etc.) as well as any other information associated with those email addresses (like stolen credit card details, for example). We use our own threat intelligence datasets that are also enriched with data from Constella Intelligence(new window), a leader in digital threat management. No user data is ever shared with third parties, but we do analyze reports from third parties any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass alias.

Our system will alert you if it finds leaked details of any of your accounts for third party websites. You’ll receive comprehensive information about the breach, including what data was compromised and the affected service, if available. Additionally, we explain what you can do to safeguard your digital identity and minimize the risks of future breaches.

Know which accounts needs protecting

Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed(new window) (for example, using MD5). 

Orange notifications show breaches that affected your accounts but where either no password was leaked, or where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.

The future of Dark Web Monitoring

This is just the beginning of our plans for the Dark Web Monitoring feature. In the future, we aim to watch out for more of your data and notify you on your mobile device as well.

Notifications

Dark Web Monitoring will soon send notifications to your Android or iPhone so you can take action on affected accounts more quickly.

Custom domain monitoring

In addition to monitoring for Proton Mail email addresses found in data breaches affecting third-party websites, we will also detect breaches that affect custom domain emails(new window), so that professionals and organizations that use Proton Mail also have comprehensive protection for all their associated accounts and sensitive data.

Monitoring of external email addresses

Recognizing the interconnected nature of online identities, Proton will also expand Dark Web Monitoring to optionally include recovery email addresses, as well as Proton VPN, Proton Drive, and Proton Pass accounts registered with external email addresses(new window).

Comprehensive data security

In an era where data breaches and identity theft have unfortunately become increasingly prevalent, Proton is doubling down on security features. Our Proton Sentinel high-security program(new window) combines machine learning and human security analysts to monitor for account takeover attacks and shut them down swiftly. We also offer the ability to generate hide-my-email aliases in Proton Mail(new window), which you can use when creating new accounts. You’ll receive email as normal through these aliases, but if one is ever exposed in a data breach, you can delete it and create another without ever revealing your true email address. We also strongly recommend setting up multi-factor authentication(new window) for all your online accounts and using strong, unique passwords(new window).

You may not be able to avoid data breaches, but thanks to Dark Web Monitoring and other Proton security features, you can mitigate risks and stay in control of your digital identity.

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.