Introducing Dark Web Monitoring for credential leaks

Your email address is your online identity(new window), and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches affecting online services are increasingly common, with tens of billions of records already leaked this year to the dark web, where credentials are often bought and sold.

If your credentials leak, timely alerts are critical so you can take action to secure your accounts, prevent identity theft, and avoid financial losses. In recent months, we’ve released multiple security features designed to fortify your digital identity against attacks, and today we’re excited to launch another feature for everyone with a paid Proton plan: Dark Web Monitoring for credential leaks. You’ll find it in our new Security Center(new window) in Proton Mail, and in your Security and Privacy settings. 

Dark Web Monitoring scans hidden parts of the internet for Proton Mail email addresses that have ended up in illegal data markets. If our system detects a breach that affected one of your accounts used to sign up to a third party website, you’ll receive a Security Center alert along with actions you can take to mitigate the risk.

Data breaches have become unavoidable

The number of data breaches in the USA alone exploded from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people. In January 2024, researchers found a database exposing more than 26 billion records. Known as the “Mother of all Breaches(new window)”, it contained records from thousands of previous breaches. 

Such data is often offered for sale to criminals on a part of the internet known as the dark web(new window), a small portion of the deep web that’s inaccessible with standard web browsers and requires special software. While the dark web can be an invaluable connection to the outside world for those living under repressive regimes, its encrypted nature makes it the perfect place to hide a cybercrime hub. 

With so many data breaches, including of major websites generally considered safe, protecting your accounts is no longer a question of whether your credentials will leak, but whether you are prepared with additional safety measures in place to prevent damage. Proton offers a robust safety net to protect our community, of which Dark Web Monitoring for credential leaks is just the latest example.

How does Dark Web Monitoring work?

Proton’s dark web detection continuously scans dark web hubs associated with illicit activities, such as hacking forums and markets, searching databases for emails contained in data breaches that use any of Proton’s 19 email domains (for example,,, etc.) as well as any other information associated with those email addresses (like stolen credit card details, for example). We use our own threat intelligence datasets that are also enriched with data from Constella Intelligence(new window), a leader in digital threat management. No user data is ever shared with third parties, but we do analyze reports from third parties any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass alias.

Our system will alert you if it finds leaked details of any of your accounts for third party websites. You’ll receive comprehensive information about the breach, including what data was compromised and the affected service, if available. Additionally, we explain what you can do to safeguard your digital identity and minimize the risks of future breaches.

Know which accounts needs protecting

Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed(new window) (for example, using MD5). 

Orange notifications show breaches that affected your accounts but where either no password was leaked, or where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.

The future of Dark Web Monitoring

This is just the beginning of our plans for the Dark Web Monitoring feature. In the future, we aim to watch out for more of your data and notify you on your mobile device as well.


Dark Web Monitoring will soon send notifications to your Android or iPhone so you can take action on affected accounts more quickly.

Custom domain monitoring

In addition to monitoring for Proton Mail email addresses found in data breaches affecting third-party websites, we will also detect breaches that affect custom domain emails(new window), so that professionals and organizations that use Proton Mail also have comprehensive protection for all their associated accounts and sensitive data.

Monitoring of external email addresses

Recognizing the interconnected nature of online identities, Proton will also expand Dark Web Monitoring to optionally include recovery email addresses, as well as Proton VPN, Proton Drive, and Proton Pass accounts registered with external email addresses(new window).

Comprehensive data security

In an era where data breaches and identity theft have unfortunately become increasingly prevalent, Proton is doubling down on security features. Our Proton Sentinel high-security program(new window) combines machine learning and human security analysts to monitor for account takeover attacks and shut them down swiftly. We also offer the ability to generate hide-my-email aliases in Proton Mail(new window), which you can use when creating new accounts. You’ll receive email as normal through these aliases, but if one is ever exposed in a data breach, you can delete it and create another without ever revealing your true email address. We also strongly recommend setting up multi-factor authentication(new window) for all your online accounts and using strong, unique passwords(new window).

You may not be able to avoid data breaches, but thanks to Dark Web Monitoring and other Proton security features, you can mitigate risks and stay in control of your digital identity.

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr