Is your data exposed on the dark web?

Frequently Asked Questions

• What is the purpose of BreachID's dark web monitoring?

  In today's threat landscape, it's not a matter of if your data will be expose, it's when. BreachID gives you daily visibility into compromised credentials linked to your business and your customers, even if the breach didn't originate from your systems.

  By detecting exposures early, including Customer Credential Exposure, you can act before attackers do — protecting your platform, your users, and your reputation. Without BreachID, you're flying blind.

• Which plan is best for me?

  Spark - Ideal for small businesses with up to two domains and 50 unique Breached Emails. Includes daily dark web scans, web-based reporting, breach tracking, and Customer Credential Exposure. Perfect for startups and small teams looking for entry-level protection.

  Beacon - Best for medium-sized businesses managing up to five domains and 200 Breached Emails. Offers daily dark web scans, downloadable PDF reports, breach tracking, Customer Credential Exposure, and access to our support desk. Ideal for companies that need active monitoring across multiple domains with enhanced support.

  Lumen - Designed for enterprise-level businesses, especially those with high login volumes or customer portals. Supports up to 10 domains and 500 Breached Emails. Includes breach tracking, Customer Credential Exposure, up to five breach investigations per year, and both support desk and telephonic assistance for rapid response.

  Large Enterprises (Custom Solutions) - If your organisation exceeds Lumen's limits (10 domains or 500 Breached Emails) or needs broader coverage, our custom enterprise solution is built for you. We offer tailored monitoring, extended breach visibility, and advanced breach response.

• What is Breach Source Identification, and why is it important?

  Breach Source Identification helps businesses understand where their compromised data originated from. Knowing the source of the breach allows for better remediation and prevention by helping organisations assess the impact and take appropriate actions.

  Identify the type of data stored in the breached source - Understanding the nature of the exposed data helps in evaluating risk, such as whether login credentials, personal information, or financial data were compromised.

  Validate policy compliance - Businesses can determine if corporate emails or credentials were used on unauthorised platforms, violating internal security policies.

  Strengthen access controls - By knowing where credentials were exposed, businesses can update security policies to prevent similar risks in the future.

  Improve employee security awareness - If credentials were used on unauthorised third-party services, organisations can educate employees on the risks of reusing business accounts on external platforms.

  By leveraging Breach Source Identification, businesses gain deeper insights into how and why data was compromised, enabling them to take proactive steps in mitigating future risks.

• How often does BreachID scan the dark web for my data?

  BreachID scans the dark web daily across all plans. We continuously monitor for compromised credentials and sensitive data linked to your domains and customers—helping you catch breaches early and take action fast.

  No matter which plan you choose—Spark, Beacon, or Lumen—you get the same high-frequency scanning and real-time threat detection.

• What type of data does BreachID store?

  BreachID does not keep a copy of or store full clear text detected passwords. When breached data is retrieved, BreachID only stores three random characters of a leaked password. This ensures that BreachID does no further expose passwords and prevents potential abuse of the service while still allowing users to validate exposure and take corrective action. Additionally, BreachID collects only the necessary information required for domain verification and reporting, ensuring compliance with strict data protection standards.

• How and why does BreachID verify domain ownership?

  To protect user privacy and security, BreachID requires users to verify their email address and confirm ownership or management of a domain before any scans or reports are provided. This ensures that only authorised individuals can request scans and access dark web exposure data related to their domain.

• What is a Breached Email and how does it relate to licensing?

  A Breached Email is a unique email address that has been found in one or more data breaches on the dark web. For example, if example@breachedemail.com appears in 30 separate breach records, it still counts as one Breached Email.

  Your plan's license count is based on the number of unique Breached Emails being monitored, not the number of breach records. So if you're on the Spark plan with a limit of 50 Breached Emails and monitoring example@breachedemail.com, that consumes 1 of your 50 licenses, regardless of how many breach incidents are tied to it.

  This model ensures you get full visibility of breach activity without being penalised for repeated exposures of the same email address.

  Note: This also includes monitoring for Customer Credential Exposure, which detects when your customers' login credentials—used on your platform—are exposed, even if the breach occurred outside your systems.

• Does BreachID collect or store my personal data?

  BreachID complies with strict data protection and privacy standards, storing only the information necessary to provide its services. Clear text passwords found on the dark web are never fully stored to prevent further exposure. If full password details are needed, a request can be logged with the BreachID team, who will conduct a dedicated investigation to retrieve them.

• Are there privacy concerns with showing exposed credentials?

  BreachID protects user privacy while providing essential breach insights. Only partial clear-text passwords are shown for validation without further exposure. Keep in mind that the details displayed are already on the dark web, meaning privacy has already been compromised. The goal is to alert businesses to credential leaks, enabling swift action to reduce risk.

• How should I use the data provided by BreachID?

  Organisations should use BreachID's reports to:

  • Identify compromised accounts and enforce password resets
  • Strengthen security measures such as multi-factor authentication (MFA)
  • Investigate potential breaches and improve internal security policies
  • Train employees on credential security and best practices
  • Utilize for compliance, audit evidence, and cyber insurance reporting, ensuring organisations can demonstrate proactive security measures and risk mitigation efforts

  BreachID's service is intended solely for organisations to protect their own data and mitigate risks associated with exposed credentials. Any use of this data outside of its intended purpose may be considered a violation of our terms of service and could be subject to legal review.

• What happens if my breached assets exceed my plan limit?

  If the number of unique Breached Emails exceeds your plan limit, the service will continue to operate, but your access to data will be limited to the maximum number of Breached Emails allowed by your plan.

  Example: If you're on the Beacon plan (which allows monitoring of 200 Breached Emails), but 250 are detected, your dashboard will display data for only 200 unique email addresses.

  To gain visibility into all detected Breached Emails, you'll need to upgrade to a plan that accommodates a higher volume.

• What do we do if breached information is found?

  If BreachID detects compromised credentials, immediate actions can be taken by you to reduce risk:

  • Change passwords immediately for affected accounts
  • Disable breached accounts and revoke unauthorised access
  • Investigate the source of the breach to understand when and how data was leaked
  • Review system and audit logs to ensure no suspicious activity has occurred
  • Strengthen security measures by enforcing MFA and updating security policies

  For Beacon and Lumen customers: If additional breach details are required, a support request can be logged as part of the Investigation option.

  Need further assistance? You can also log a support call with us. While we are happy to assist, additional costs for advanced analysis may apply.

• What type of reports does BreachID provide?

  No matter which plan you're on, BreachID ensures you have access to the reporting you need to stay informed and take action. All plans include web-based reporting through the dashboard, and we also support PDF reports—both on-demand and scheduled delivery—making it easy to track trends, share insights, and meet audit or compliance needs effortlessly.

  Whether you're a startup or an enterprise, you'll always have the reporting tools to stay ahead of breaches.