Security-conscious readers probably already use the data breach alert site Have I Been Pwned, but a new Proton website is aiming to alert you at an earlier stage with what the company says will be near real-time reporting.
The company behind ProtonMail says it has launched the Data Breach Observatory because it can sometimes take too long to find out when your personal data has been made available for sale on the dark web …
Have I Been Pwned
Despite the law, relying on large companies to reveal that they have suffered a data breach and your personal data has been compromised is a very unreliable approach. Many fail to reveal data breaches until weeks or sometimes even months later.
That’s the primary reason for websites like Have I Been Pwned, which aim to alert you to stolen data as soon as there is a reasonable basis for believing that it has occurred.
Because hoax announcements by supposed attackers are not uncommon, Have I Been Pwned adopts a somewhat conservative approach where it seeks supporting evidence for any claims before reporting.
The following activities are usually performed in order to validate breach legitimacy:
- Has the impacted service publicly acknowledged the breach?
- Does the data in the breach turn up in a Google search (i.e. it’s just copied from another source)?
- Is the structure of the data consistent with what you’d expect to see in a breach?
- Have the attackers provided sufficient evidence to demonstrate the attack vector?
- Do the attackers have a track record of either reliably releasing breaches or falsifying them?
Proton’s Data Breach Observatory
Proton’s new Data Breach Observatory takes a more aggressive approach, reporting as soon as personal data is offered for sale on the dark web, as Engadget reports.
Proton’s solution is to monitor the dark web itself, watching locations where data thieves go to advertise stolen information. By keeping an eye on these exchanges, Proton believes the Data Breach Observatory will be able to warn victims as early as possible, including before the targets themselves are aware of the leak. Making breach reports available in one place is also meant to educate the public about the actual size and scope of cybercrime, while making it harder for companies to keep quiet about getting hacked. Proton plans to update the Observatory in “near real time,” working with a risk detection firm called Constella Intelligence.
Currently, the site only appears to be available in German, but we can likely expect an English version very soon.
9to5Mac’s Take
Choice is good. While Proton’s site is likely to contain some false positives, it’s also likely to alert you at an earlier stage to real ones.
Hackers do sometimes make hoax claims for the kudos, but if they are actually offering the data for sale then it’s likely that the majority of examples will be genuine.
Photo by fabio on Unsplash