Understanding the Dark Web ID compromise detection engine upgrade

Overview

This article provides essential information about the upgrade to the Dark Web ID compromise detection engine. It highlights the key benefits of this new engine, what to expect during the transition period, and recommended actions for users with ticketing system integrations. For details specific to IP address monitoring, see Understanding the Dark Web ID compromise engine upgrade: IP address monitoring.

What is changing?

Dark Web ID has deployed a new and more powerful compromise detection engine to enhance threat monitoring capabilities. This foundational upgrade allows us to scan for compromised credentials more effectively and across a broader range of sources.

Key benefits

The new engine offers two significant advantages:

Expanded coverage: Access to a significantly larger number of dark web sources, including private forums, illicit marketplaces, and newly discovered data dumps.
Increased monitoring frequency: Enhanced capacity enables more frequent and timely queries, allowing for faster detection of compromises as they appear on the dark web.

Important considerations during the transition

As with any major system upgrade, there will be a brief transition period to consider.

Potential for duplicate compromises

As we integrate new data sources, you may temporarily notice a small number of duplicate compromises. This can occur when a compromise identified by the previous engine is rediscovered by the upgraded engine in a new data set. De-duplication algorithms are designed to minimize this behavior, but some overlap may be visible initially.

IMPORTANT Action required for users with ticketing and PSA integrations: Due to enhanced search capabilities, the upgraded engine may initially reveal a higher volume of compromises. To prevent overwhelming your helpdesk or PSA system (e.g., ConnectWise, Kaseya, or Autotask), temporarily disable your ticket integration for the first 24-48 hours after the upgrade. This will give your team adequate time to assess the initial influx of compromises and safeguard your ticketing system.

Delays in PSA ticket creation

During the initial days following the release, PSA ticket creation may experience delays because of the increased volume of compromises requiring processing.

Frequently asked questions (FAQs)

Q: When is this upgrade taking place?

A: The new engine was deployed on October 16, 2025. The transition period refers to the 24-48 hours immediately following deployment.
Q: I don't use a ticketing integration. Do I need to take any action?

A: No direct action is required from you. However, it is recommended that you log in to your Dark Web ID portal to review newly discovered compromises.
Q: Why should I disable my ticketing integration?

A: The upgraded engine detects more compromises. Disabling the integration temporarily helps avoid generating a large, unmanageable number of tickets at once and allows you to control the initial review process.
Q: Who should I contact if I have more questions?

A: If you have any questions or require assistance, please contact our support team here.

Additional considerations for reviewing compromises

Separate reporting for differing disclosures: If multiple compromises involve the same credentials but differ in the information disclosed (such as data fields or breach context), each disclosure is reported as a separate entry to ensure accurate tracking.
Reviewing similar compromises: When compromises appear similar or related, review detailed fields carefully. Compare disclosed values—such as passwords, personal identifiers, or other sensitive data—to accurately assess scope and impact.

Understanding the Dark Web ID compromise engine upgrade: IP address monitoring

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.