HowTo: Dark Web Workflow

21st June 2025 | HowTo, MSP, Platform, Technology HowTo: Dark Web Workflow

Dark Web Reporting Within CyberHoot:

CyberHoot offers dark web monitoring and reporting for its clients by scanning user email addresses against known dark web breach databases. Any exposures found are reported directly through the CyberHoot console and via email notifications to designated administrators. Admins can then choose to follow the recommended workflow outlined in this article to review and address these exposures. Participation in this process is entirely optional and left to the discretion of each individual client.

 What to Do When You Have Dark Web Exposures:

Here’s a high level overview of the steps you may follow to review dark web exposures.

To check the exposures on the Power Platform:

  1. Select the customer in which you want to check the exposures for.
  2. Click on the “Exposed” box right from the main Dashboard view.

To check the exposures on the Autopilot Platform:

  1. Select the customer in which you want to check the exposures for.
  2. Click on Users.
  3. Click on Exposed Users.

Overall recommendations:

  1. Check the date of the exposures, sometimes those are very old and were already taken care of by the user, when in doubt, notify them.
  2. Notify the users, informing them to change their passwords and enable 2FA/MFA on the affected accounts.
  3. Here’s a sample of text to send to impacted users when using the notify feature within CyberHoot’s Power Platform:“Your accounts have been discovered on the dark web, if you still use these online accounts that have been exposed, it’s recommended that you change their passwords as well as the passwords for any other accounts that share the same password. Don’t forget to enable 2FA/MFA to further enhance their security”

     

  4. Acknowledge the exposure on the console.
Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC

Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC

Newly discovered Android banking Remote Access Trojan (RAT), dubbed Klopatra, has compromised more than 3,000...

Read more
When One Password Ends It All

When One Password Ends It All

In June 2025, KNP Logistics Group, a transport company in the UK with 500 trucks and nearly two centuries of...

Read more
Automated Vulnerability Scanning and Penetration Testing Boost Cyber Resilience

Automated Vulnerability Scanning and Penetration Testing Boost Cyber Resilience

Vulnerability scanning and it's human led partner penetration testing (aka "pentesting") are excellent and...

Read more