Today we’re excited to launch another feature for everyone with a paid Proton plan: Dark Web Monitoring for credential leaks. You’ll find it in our new Security Center in Proton Mail, and in your Security and Privacy settings.
Dark Web Monitoring scans hidden parts of the internet for Proton Mail email addresses that have ended up in illegal data markets. If our system detects a breach that affected one of your accounts used to sign up to a third party website, you’ll receive a Security Center alert along with actions you can take to mitigate the risk.
Proton’s dark web detection continuously scans dark web hubs associated with illicit activities, such as hacking forums and markets, searching databases for emails contained in data breaches that use any of Proton’s 19 email domains (for example, @pm.me, @protonmail.ch, etc.) as well as any other information associated with those email addresses (like stolen credit card details, for example). We use our own threat intelligence datasets that are also enriched with data from Constella Intelligence, a leader in digital threat management. No user data is ever shared with third parties, but we do analyze reports from third parties any time they find leaked information or data stolen in a hack from a third-party online service that’s tied to a Proton Mail email address or a Proton Pass/SimpleLogin alias.
Dark Web Monitoring will show all known breaches that have affected your accounts over the last two years. While all breaches carry risks, we highlight the breaches you should prioritize with a red indicator. These breaches require immediate attention, typically to change passwords that were exposed as plaintext or weakly hashed (for example, using MD5).
Orange notifications show breaches that affected your accounts but where either no password was leaked, or where your password was encrypted or strongly hashed (for example, with SHA256 or bcrypt). Note that these breaches can still expose sensitive personal information.