How to use Dark Web Monitoring

Dark Web Monitoring(new window) promptly notifies you when your personal information has been exposed on the dark web. This exposure typically occurs when a third-party service you use experiences a compromise, whether due to negligence or a deliberate attack.

Anyone with a paid Proton plan can take advantage of Dark Web Monitoring. It ensures timely awareness of potential risks to your personal data, and gives you relevant actions you can take to mitigate them.

Where to find Dark Web Monitoring?

Dark Web Monitoring is available to everyone with a paid plan. You can find and enable Dark Web Monitoring within the new Security center or on your Settings page under Security and privacy.

How does Proton detect breached information on the dark web?

We use various data sources for breach detection, including our own threat intelligence datasets that are enriched with data from Constella Intelligence, which has access to information being sold on the dark web. These sources report to Proton any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass alias.

Dark Web Monitoring will let you know if the following information has been exposed:

• Email addresses
• Usernames
• Names
• Dates of birth
• Passwords
• Phone numbers
• Physical addresses (including city and ZIP codes) 
• Government IDs:
  • Social Security Numbers (SSNs)
  • Social Insurance Numbers (SINs) 
  • National IDs (NIDs)
  • Tax Identity Number
  • Visa number
  • Passport
  • Driver’s license
• Medical information
• Financial information
  • Credit cards
  • Bank IBAN

What to do if your data has been exposed in a data breach?(new window)

Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed (for example, using MD5). 

Purple notifications show breaches that affected your accounts but where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.

General recommendations to keep yourself safe online

1. Use aliases to sign up for online services. This protects your real email address and identity, limiting the blast radius of a breach. Create an alias
2. Use Proton Pass to generate strong passwords and avoid password reuse. 
3. Use Proton VPN with Netshield enabled to protect you from phishing and malware. Proton VPN also protects your real IP address and therefore location from being leaked. Get Proton VPN(new window)