Dark Web Scan

This feature is only available to participants in the WatchGuard Cloud Beta program.

A data breach is the intentional or unintentional release of secure or confidential information to an untrusted environment such as the dark web. WatchGuard offers a Dark Web Scan service to help inform and protect Internet users who might be unaware that their credentials have leaked in a data breach.

With Dark Web Scan, you can search data breaches for email addresses and domains. If a data breach is found to include your accounts, then you should change the affected credentials. WatchGuard also offers the AuthPoint service to add multi-factor authentication (MFA) to your enterprise's authentication plan in order to prevent stolen credentials from being used to access your or your company's data.

Scan for Data Breaches

Dark Web Scan enables you to scan for data breaches that include your user accounts.

To scan for data breaches, from the dashboard:

  1. In the Dark Web Scan tile, type an email address or domain name.
    You cannot include wildcard characters in the search criteria. Subscriber accounts can only search their own domain.

  1. Press Enter.
    The scan results appear.

To scan for data breaches, from the Dark Web Scan page:

  1. In Subscriber view, click Administration > Dark Web Scan.
    In Service Provider view, click AdministrationView My Account > Dark Web Scan.
  2. In the search text box, type an email address or domain name.
    You cannot include wildcard characters in the search criteria. Subscriber accounts can only search their own domain.

Dark Web Scan search box

  1. Press Enter.
    The scan results appear.

You cannot scan some public domains, such as gmail.com or google.com. You must type a specific email address for these domains. For a complete list of public domains you cannot scan, see https://github.com/WatchGuard-Threat-Lab/Dark-Web-Scanner-Info/blob/master/Public-Domains.txt.

View Scan Results

When you scan for an email address or domain, the Results section shows data breaches that include the email address or domain, the date when the latest breach occurred and when it was exposed. For domain scans, the results also show the total number of exposed credentials.

To expand the section and view a description of the data breach, click . The details include who discovered the exposure and when, as well as the type of credentials that were exposed.

Send Results by Email

You can send a PDF report of the results by email to yourself or another email account. By default, passwords are not included in the results you send.

To send the results for a scan of data breaches that include an email address:

  1. Scan for data breaches that include an email address.
    The Send Results option for the email address shows to the right of the results.

  1. To include partial passwords in the results, select the check box.
  2. Partial passwords are only shared with the email account they belong to.

  3. Click Send.
    WatchGuard Cloud sends a confirmation request to the email address. To receive the results report, you must confirm the request in the email message. If you do not receive a confirmation request email, check your spam or junk folder for the email message.

To send the results for a scan of data breaches that include a domain:

  1. Scan for data breaches that include a domain.
    The Send Results option for the domain shows to the right of the results.

Dark Web Scan send domain results

  1. From the Email drop-down list, select an email address to request authorization to generate the report.
  2. (Optional) To send the report when authorization is received, in the Email text box, type an email address.
    The domain owner must first authorize WatchGuard Cloud to send the results report to the specified email address.
  3. Click Send.
    WatchGuard Cloud sends an authorization request to the domain owner. The domain owner can select to receive a copy of the report or send the report to the specified email address.

Scan Results Report

The scan results report includes a summary and detailed information on all data breaches for the email address or domain.

The report includes the date when the exposure occurred as well as the date when the breach was made public.

Reports for a specific email address include partial passwords (4 characters) exposed in a data breach, when available. The full domain scan report does not include any password information.

For more information on transparency and privacy, see the FAQ.

See Also

About the Dashboard

Dark Web Scan FAQ