Scan for Data Breaches

A data breach is the intentional or unintentional release of secure or confidential information to an untrusted environment such as the dark web. WatchGuard offers a Dark Web Scan service to help inform and protect Internet users who might be unaware that their credentials have leaked in a data breach.

With Dark Web Scan, you can search data breaches for email addresses and domains. If a data breach is found to include your accounts, then you should change the affected credentials. WatchGuard also offers the AuthPoint service to add multi-factor authentication (MFA) to your enterprise's authentication plan in order to prevent stolen credentials from being used to access your or your company's data.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have Account Administration permissions to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

To scan for data breaches, from the dashboard:

  1. In the Dark Web Scan widget, type an email address or domain name.
    You cannot include wildcard characters in the search criteria. Subscriber accounts can only search their own domain.

  1. Press Enter.
    The scan results appear.

To scan for data breaches, from the Dark Web Scan page:

  1. Click Administration > Dark Web Scan.
  2. In the search text box, type an email address or domain name.
    You cannot include wildcard characters in the search criteria. Subscriber accounts can only search their own domain.
  3. If you logged in to WatchGuard Cloud with a Subscriber operator account that uses a public domain (for example, gmail.com), you must log out of that account and log in to WatchGuard Cloud with an account that uses the company domain before you can scan the company domain.

    Dark Web Scan search box

  4. Press Enter.
    The scan results appear.

You cannot scan some public domains, such as gmail.com or google.com. You must type a specific email address for these domains. For a complete list of public domains you cannot scan, go to https://github.com/WatchGuard-Threat-Lab/Dark-Web-Scanner-Info/blob/master/Public-Domains.txt (external).

View Scan Results

When you scan for an email address or domain, the Results section shows data breaches that include the email address or domain, the date when the latest breach occurred and when it was exposed. For domain scans, the results also show the total number of exposed credentials.

To expand the section and view a description of the data breach, click . The details include who discovered the exposure and when, as well as the type of credentials that were exposed.

Send Results by Email

You can send a PDF report of the results by email to yourself or another email account. By default, passwords are not included in the results you send.

To send the results for a scan of data breaches that include an email address:

  1. Scan for data breaches that include an email address.
    The Send Results option for the email address shows to the right of the results.

  1. To include partial passwords in the results, select the check box.
  2. Partial passwords are only shared with the email account they belong to.

  3. Click Send.
    WatchGuard Cloud sends a confirmation request to the email address. To receive the results report, you must confirm the request in the email message. The confirmation link in the email message is available for one hour only. If you do not receive a confirmation request email, check your spam or junk folder for the email message.

To send the results for a scan of data breaches that include a domain:

  1. Scan for data breaches that include a domain.
    The Send Results option for the domain shows to the right of the results.

Screen shot of Dark Web Scan Send Results section

  1. From the Email drop-down list, select an email address to request authorization to generate the report.
  2. (Optional) To send the report when authorization is received, in the Email text box, type an email address.
    The domain owner must first authorize WatchGuard Cloud to send the results report to the specified email address.
  3. Click Send.
    WatchGuard Cloud sends an authorization request to the domain owner. The authorization links in the email message are available for one hour only. The domain owner can select to receive a copy of the report or send the report to the specified email address.

Scan Results Report

The scan results report includes a summary and detailed information on all data breaches for the email address or domain.

The report includes the date when the exposure occurred as well as the date when the breach was made public.

Reports for a specific email address include partial passwords (4 characters) exposed in a data breach, when available. The full domain scan report does not include any password information.

Related Topics

About the Dashboard for Subscriber Accounts