HowTo: Dark Web Workflow

3rd April 2023 | HowTo, MSP, Platform, Technology

Dark Web Reporting Within CyberHoot:

CyberHoot offers dark web monitoring and reporting for its clients by scanning user email addresses against known dark web breach databases. Any exposures found are reported directly through the CyberHoot console and via email notifications to designated administrators. Admins can then choose to follow the recommended workflow outlined in this article to review and address these exposures. Participation in this process is entirely optional and left to the discretion of each individual client.

What to Do When You Have Dark Web Exposures:

Here’s a high level overview of the steps you may follow to review dark web exposures.

To check the exposures on the Power Platform:

Select the customer in which you want to check the exposures for.
Click on the “Exposed” box right from the main Dashboard view.

To check the exposures on the Autopilot Platform:

Select the customer in which you want to check the exposures for.
Click on Users.
Click on Exposed Users.

Overall recommendations:

Check the date of the exposures, sometimes those are very old and were already taken care of by the user, when in doubt, notify them.
Notify the users, informing them to change their passwords and enable 2FA/MFA on the affected accounts.
Here’s a sample of text to send to impacted users when using the notify feature within CyberHoot’s Power Platform:
“Your accounts have been discovered on the dark web, if you still use these online accounts that have been exposed, it’s recommended that you change their passwords as well as the passwords for any other accounts that share the same password. Don’t forget to enable 2FA/MFA to further enhance their security”
Acknowledge the exposure on the console.