Proton

Introducing Dark Web Monitoring for credential leaks

Your email address is your online identity(new window), and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches affecting online services are increasingly common, with tens of billions of records already leaked this year to the dark web, where credentials are often bought and sold.

If your credentials leak, timely alerts are critical so you can take action to secure your accounts, prevent identity theft, and avoid financial losses. In recent months, we’ve released multiple security features designed to fortify your digital identity against attacks, and today we’re excited to launch another feature for everyone with a paid Proton plan: Dark Web Monitoring for credential leaks. You’ll find it in our new Security Center(new window) in Proton Mail, and in your Security and Privacy settings. 

Dark Web Monitoring scans hidden parts of the internet for Proton Mail email addresses that have ended up in illegal data markets. If our system detects a breach that affected one of your accounts used to sign up to a third party website, you’ll receive a Security Center alert along with actions you can take to mitigate the risk.

Data breaches have become unavoidable

The number of data breaches in the USA alone exploded from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people. In January 2024, researchers found a database exposing more than 26 billion records. Known as the “Mother of all Breaches(new window)”, it contained records from thousands of previous breaches. 

Such data is often offered for sale to criminals on a part of the internet known as the dark web(new window), a small portion of the deep web that’s inaccessible with standard web browsers and requires special software. While the dark web can be an invaluable connection to the outside world for those living under repressive regimes, its encrypted nature makes it the perfect place to hide a cybercrime hub. 

With so many data breaches, including of major websites generally considered safe, protecting your accounts is no longer a question of whether your credentials will leak, but whether you are prepared with additional safety measures in place to prevent damage. Proton offers a robust safety net to protect our community, of which Dark Web Monitoring for credential leaks is just the latest example.

How does Dark Web Monitoring work?

Proton’s dark web detection continuously scans dark web hubs associated with illicit activities, such as hacking forums and markets, searching databases for emails contained in data breaches that use any of Proton’s 19 email domains (for example, @pm.me, @protonmail.ch, etc.) as well as any other information associated with those email addresses (like stolen credit card details, for example). We use our own threat intelligence datasets that are also enriched with data from Constella Intelligence(new window), a leader in digital threat management. No user data is ever shared with third parties, but we do analyze reports from third parties any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass alias.

Our system will alert you if it finds leaked details of any of your accounts for third party websites. You’ll receive comprehensive information about the breach, including what data was compromised and the affected service, if available. Additionally, we explain what you can do to safeguard your digital identity and minimize the risks of future breaches.

Know which accounts needs protecting

Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed(new window) (for example, using MD5). 

Orange notifications show breaches that affected your accounts but where either no password was leaked, or where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.

The future of Dark Web Monitoring

This is just the beginning of our plans for the Dark Web Monitoring feature. In the future, we aim to watch out for more of your data and notify you on your mobile device as well.

Notifications

Dark Web Monitoring will soon send notifications to your Android or iPhone so you can take action on affected accounts more quickly.

Custom domain monitoring

In addition to monitoring for Proton Mail email addresses found in data breaches affecting third-party websites, we will also detect breaches that affect custom domain emails(new window), so that professionals and organizations that use Proton Mail also have comprehensive protection for all their associated accounts and sensitive data.

Monitoring of external email addresses

Recognizing the interconnected nature of online identities, Proton will also expand Dark Web Monitoring to optionally include recovery email addresses, as well as Proton VPN, Proton Drive, and Proton Pass accounts registered with external email addresses(new window).

Comprehensive data security

In an era where data breaches and identity theft have unfortunately become increasingly prevalent, Proton is doubling down on security features. Our Proton Sentinel high-security program(new window) combines machine learning and human security analysts to monitor for account takeover attacks and shut them down swiftly. We also offer the ability to generate hide-my-email aliases in Proton Mail(new window), which you can use when creating new accounts. You’ll receive email as normal through these aliases, but if one is ever exposed in a data breach, you can delete it and create another without ever revealing your true email address. We also strongly recommend setting up multi-factor authentication(new window) for all your online accounts and using strong, unique passwords(new window).

You may not be able to avoid data breaches, but thanks to Dark Web Monitoring and other Proton security features, you can mitigate risks and stay in control of your digital identity.

Related articles

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.