
Businesses concerned about cybersecurity may already be familiar with Have I Been Pwned, a site dedicated to notifying users about data breaches. Recently, Proton, the company behind ProtonMail, launched its own data breach alert service named the Data Breach Observatory. This platform aims to provide near real-time notifications to individuals when their personal data surfaces on the dark web.
The necessity for such services stems from the delayed responses often seen from corporations acknowledging data breaches. Businesses frequently take weeks or even months to notify affected users about compromised data—a situation that is both frustrating and risky. Proton’s new initiative addresses these gaps by keeping a vigilant eye on areas of the dark web where stolen data is commonly sold.
Have I Been Pwned
Relying on enterprises to disclose data breaches is inherently unreliable. While governance laws exist, they are often ineffective, resulting in delayed communication of security incidents. Have I Been Pwned was established to fill this critical gap, alerting users to breaches as soon as there is a reasonable basis for concern. It takes a cautious approach, confirming claims against supporting evidence to reduce false reports, given the prevalence of hoax announcements from unauthorized sources.
In validating the legitimacy of a breach, several key factors are assessed:
- Public acknowledgment of the breach by the affected service.
- Presence of the breached data in search results.
- Consistency of the data structure with known breach patterns.
- Evidence from attackers regarding the breach methodology.
- Historical reliability of the attackers in previously released breaches.
Proton’s Data Breach Observatory
Proton’s Data Breach Observatory employs a more proactive strategy than its predecessors, issuing alerts when personal data is first listed for sale on the dark web. As reported by Engadget, this initiative is part of Proton’s efforts to monitor theft marketplaces directly, allowing it to provide timely warnings to potential victims, sometimes even before they are aware of a breach.
Alongside rapid notifications, Proton aims to centralize breach reporting to enhance public understanding of cybercrime’s extent. The platform also seeks to pressure companies to be more transparent about breaches. Its partnership with Constella Intelligence allows the Observatory to be updated in near real-time, marking a significant advancement in how breaches are tracked and reported.
At present, the Data Breach Observatory is primarily offered in German, but an English version is anticipated shortly, expanding its accessibility to a broader audience.
9to5Mac’s Take
Having more options among breach alert services is advantageous for consumers. While Proton’s platform may generate some false positives, it is also likely to identify genuine threats earlier than other services. Hackers do sometimes misreport breaches, yet when data is available for sale, the likelihood that the breach is authentic is significantly higher.
