Domain Monitoring
Leaked credentials and dark-web mentions for your domain: what the findings mean and what to do about them.
Domain monitoring watches your domain in breach dumps, stealer logs and dark-web sources. When credentials tied to your domain show up somewhere they should not be, you get an alert.
Reading a finding
| Category | Severity | What it means |
|---|---|---|
employees | critical | Credentials on your own domain's mailboxes (staff accounts). |
customers | high | Credentials of users who registered on your services with the monitored domain. |
third_parties | medium | Credentials exposed through unrelated third-party sites. |
There are two kinds of findings: credential leaks (actual leaked usernames/passwords, counted per category above) and dark-web mentions (posts or listings that reference your domain).
What to do when an alert arrives
- 1
Acknowledge it
Marks the finding as seen and stops reminder nudges.
- 2
Reset the affected passwords
Employee accounts first. They unlock the most. Enable two-factor authentication where you can.
- 3
Resolve the alert
Once handled, mark it resolved. (Alerts must be acknowledged before they can be resolved.)
Leaks are found in public and criminal data sets. An alert does not mean your server was hacked. It usually means someone reused a password on a site that got breached, or caught malware on their own device.