Wondering whether your credentials are exposed on the Dark Web?

During the last few weeks, while demoing and discussing one of our portfolio services (the one that watches for threats on the dark web and other external places) with CISOs and security professionals, there was one question I constantly had to answer.

I think this question/curiosity comes from a mindset that makes the following presumptions about the dark web and other external sources.

  • If something is already on the dark web, not much can be done about it, either as an action or as a preventive measure
  • Wouldn’t it be better to stop breaches and leaks in the first place than to go looking for them once they are out on the dark web or elsewhere?
  • Finding out that leaked or stolen data about my org is on the dark web or on social media will only be an embarrassment and serve no real purpose
  • Is there anything concrete I can do if and when I find leaked information or other threat data specific to my organization on the dark web or in other external places?

While these questions are genuine, the “Stark Reality of Today’s Threat Landscape and Posture” demands a perspective that goes beyond traditional lock-and-latch, and also beyond detect-and-respond using a host of in-house/in-enterprise security apparatus and tools.

Before I talk about what can be done with “Dark Web Monitoring”, the following key points need to be understood, and perhaps delved into…

  • A breach will happen sooner or later
  • Detection and response are key to protection
  • Even the best of the best solutions will sometimes fail to fortify my enterprise

With the above-mentioned “Major Security Paradigm Change” perspectives…

Let’s understand what data gets leaked, lost, stolen or breached from your enterprise. Some of it could be out there even without a breach or any active stealing or leaking of data. There could be a dozen different categories, but for simplicity I will keep to the following significant, top-level categories.

  • Reconnaissance Data
  • Credentials and Mail Access
  • Customer Data (Personal and Financial Data)
  • Company Confidential (Intellectual Property) Data
  • Internal Systems and Network Details (Including Access Elements)
  • Reputational Data and Malicious Conversation

The specifics of the action one could take on finding data from the dark web or other external sources will vary, but the following is a general list of things an organization can potentially do.

Concealing Sensitive Info / Blocking the Leak

In many scenarios the leak takes place from an internal source that is under the org’s control, and simple operational measures will ensure that no unauthorized person can get access to the sensitive information. Leakages from websites or portals, or sometimes through internal mails, are examples of this. Over an average period of 3 years, an org ends up leaking information from its own sources because of operational issues or data flow/access issues.

Blocking and Preventing

If the data that has been lost is of a nature that can simply be blocked and placed on a restriction rule set, then a simple security operation can take care of things. The simplest example of this would be phishing sources discovered by you and your threat intelligence provider, such as domain names suspected of being phishing sources that look like your own domain name.
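The look-alike domain case above, as an added example that is not from the original post: candidate domains are folded to a canonical "skeleton" and compared with the organization's own name, so exact imitations go on the block rule set and near misses go to an analyst. The domain `example-corp.com`, the candidate feed and the function names are assumptions made for illustration.

```python
import unicodedata

OWN_DOMAIN = "example-corp.com"   # assumption: the domain being protected
# Constructed sample feed, e.g. newly observed domains from an intel provider.
CANDIDATES = [
    "examp1e-corp.com",       # digit 1 in place of the letter l
    "example-c0rp.com",       # zero in place of the letter o
    "exarnple-corp.com",      # "rn" in place of "m"
    "example-corp.co",        # same name, different TLD
    "examplecorp-login.com",  # own name embedded in a longer label
    "weather-news.org",       # unrelated
    "example-corp.com",       # our own domain, must never be blocked
]

# Visual substitutions folded to one canonical form before comparing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(label):
    """Lower-case, strip accents, fold look-alike characters, drop hyphens."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, own=OWN_DOMAIN, max_distance=2):
    """Return 'own', 'block', 'review' or 'ignore' for one candidate domain."""
    if candidate.lower() == own:
        return "own"
    own_name = skeleton(own.rsplit(".", 1)[0])
    name = skeleton(candidate.rsplit(".", 1)[0])
    if name == own_name:
        return "block"    # homoglyph or TLD swap of our exact name
    if own_name in name or edit_distance(name, own_name) <= max_distance:
        return "review"   # close, but needs an analyst's decision
    return "ignore"

def build_blocklist(candidates=CANDIDATES):
    return sorted(d for d in candidates if classify(d) == "block")
```

Domains the organization itself owns under other TLDs would need an allow list before the "block" result is pushed to a mail gateway or DNS filter.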

Credential Changes

A lot of what is discovered on the dark web is credential dumps or password dumps. This has reached such a proportion that organizations need a continuous, program-style approach. They need to look for potential credential leaks or compromises and their availability on the dark web, and then organize a password change, or sometimes identity changes, within the organization.

This is usually a tough one because organizations often bump into large password dumps that are claimed to be from their organization, with no concrete way of ensuring they indeed belong to their staff.

Employee Mail ID Compromise Data

Sometimes organizations will find that their employees used the company’s mail ID on external sites without permission and/or the required authorization. The organization can then further learn that sites on which an employee had used the company mail ID have been compromised. This usually means the employee has had credentials stolen from that site.

This issue usually does not seem like much of a threat, but it in fact poses the maximum threat to organizations. Among all the breaches, this is the one that usually goes completely unnoticed, and sometimes it is the one that gets “no prevention/response and/or action” from an enterprise, despite knowledge of the breach.

Ideally an organization should do a periodic review of reported breaches on pwned sites, and then use that data to enforce a password change and caution employees not to use the company mail ID on external sites/platforms/SaaS without the company’s knowledge.
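A sketch of the periodic review described above and of the dump-triage problem from the "Credential Changes" section, added here as an example and not taken from the original post: exposure records are matched against a directory extract to decide which accounts need a forced password change, and how much of a claimed dump maps to real staff. The domain, directory layout, records and function names are all constructed assumptions.

```python
from datetime import date

CORP_DOMAIN = "example-corp.com"   # assumption: the organization's mail domain

# Constructed directory extract: mail ID -> (account active?, last password change).
DIRECTORY = {
    "asha@example-corp.com":  (True,  date(2023, 1, 10)),
    "ravi@example-corp.com":  (True,  date(2024, 6, 2)),
    "meena@example-corp.com": (False, date(2022, 3, 5)),
}

# Constructed exposure records: (mail ID, source, date the breach was reported).
EXPOSURES = [
    ("Asha@Example-Corp.com",  "forum-site breach", date(2023, 9, 1)),
    ("ravi@example-corp.com",  "saas-tool breach",  date(2024, 1, 15)),
    ("meena@example-corp.com", "forum-site breach", date(2023, 9, 1)),
    ("ghost@example-corp.com", "claimed org dump",  date(2024, 2, 1)),
    ("someone@other.org",      "claimed org dump",  date(2024, 2, 1)),
]

def triage(exposures, directory, domain=CORP_DOMAIN):
    """Sort each exposure record into the action it calls for."""
    result = {"force_reset": [], "already_rotated": [], "disabled_account": [],
              "unknown_address": [], "not_ours": []}
    for mail, _source, reported in exposures:
        mail = mail.strip().lower()
        if not mail.endswith("@" + domain):
            result["not_ours"].append(mail)
        elif mail not in directory:
            result["unknown_address"].append(mail)      # never a staff mail ID
        else:
            active, changed = directory[mail]
            if not active:
                result["disabled_account"].append(mail)
            elif changed <= reported:
                result["force_reset"].append(mail)      # password predates the report
            else:
                result["already_rotated"].append(mail)  # changed after the report
    return result

def dump_match_rate(exposures, directory):
    """Share of distinct addresses that map to a real directory entry: a rough
    check on a dump that is only claimed to belong to the organization."""
    mails = {m.strip().lower() for m, _, _ in exposures}
    return len(mails & set(directory)) / len(mails) if mails else 0.0
```

A low match rate suggests a recycled or padded dump, while every address under `force_reset` is a candidate for the enforced password change and the employee caution described above.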

Make Data Useless

This is probably the most important and most needed action when you are looking at customer data, specifically financial data, reported on the dark web. Here, your ability to protect customer interest depends on

  • Your ability to find out whether your data made its way to the dark web
  • Your swift, specific action to make this data useless

Often, making this data useless to a cyber criminal is not a simple exercise. It needs a coordinated effort which, besides work on data repositories (and action on the data), includes customer communication and a lot more.

Breach Reporting/Disclosure Preparedness

Quite often, an enterprise gets to know about its lost or breached data through the media, security experts or cyber crime investigative journalists. Whenever that happens, a messy and arduous process follows.

If the organization has some measures in place to learn about leaks of its data on the dark web or social web, it gets lead time to prepare for breach response and reporting.

The nature, urgency and sometimes even the extent of the response depend on:

  • How the breach was reported?
  • Who reported the breach?

If an organization has a dark web monitoring process in place and a well-defined breach handling process, it will in all likelihood handle the breach much better than it would handle one that gets reported by the media.

Legal Options/Process

There are two kinds of breaches that usually warrant an organization bringing legal and forensic experts into the loop, and into action, right away.

  • Reputational damage by a post or content or leak on social media
  • Customer data breached and found on darkweb / social media

In both of these cases, the liability and its enforcement are clear and often huge. A legal option and a legal process should kick in as soon as either of these two is found and/or reported.

Dark web monitoring and external monitoring can add a dimension to your own internal monitoring and to your overall threat monitoring and threat management objectives.

While SOC-based monitoring gives you a view of what might be threat elements within your own enterprise setup, dark web and other external threat monitoring gives you information and intelligence collected from outside, and sometimes it is a lot more critical to act upon immediately than an internal alert.
