Ask HN: How to monitor Darkweb if credentials of our SaaS product are leaked?
We develop and maintain a SAAS product. Recently, we were notified by an online security provider that a user's credentials from our platform were exposed on the Dark Web. How can we proactively monitor the Dark Web for such incidents? Are there any subscription-based services available that offer continuous monitoring for this purpose?
2 comments
[ 3.0 ms ] story [ 19.8 ms ] threadThere may be scanners etc but I think your best bet is to ask the security provider for recommendations. They identified the issue and notified you - it sounds like they’re a third party worth keeping around.
In the mean time, assume that creds can be stolen and there’s nothing you can do about it: what do you do about that? You have many options: rate limiting, IP checks, detecting unusual activity. I’d start there.