Understanding the Dark Web ID compromise detection engine upgrade

Overview

This article provides essential information about the recent upgrade to the Dark Web ID compromise detection engine. It highlights the key benefits of this new engine, what to expect during the transition period, and recommended actions for users with ticketing system integrations.

What is changing?

Dark Web ID has deployed a new and more powerful compromise detection engine to enhance threat monitoring capabilities. This foundational upgrade allows us to scan for compromised credentials more effectively and across a broader range of sources.

Key benefits

The new engine offers two significant advantages:

  • Expanded coverage: The engine has access to a significantly larger number of dark web sources, including private forums, illicit marketplaces, and newly discovered data dumps.

  • Increased monitoring frequency: Its enhanced capacity enables more frequent and timely queries, allowing for faster detection of compromises as they appear on the dark web.

Important considerations during the transition

As with any major system upgrade, there will be a brief transition period to consider.

Potential for duplicate compromises

As we integrate new data sources, you may temporarily notice a small number of duplicate compromises. This can happen if a compromise identified by our old system is rediscovered in a new data set by the new engine. Our de-duplication algorithms are designed to minimize this, but some overlap may be visible initially.

IMPORTANT  Action required for users with ticketing and PSA integrations: In light of our enhanced search capabilities, the new engine may initially reveal a higher volume of compromises. To prevent overwhelming your helpdesk or PSA system (e.g., ConnectWise, Kaseya, or Autotask), we recommend temporarily disabling your ticket integration for the first 24-48 hours post-upgrade. This will give your team adequate time to assess the initial influx of compromises and safeguard your ticketing system.

Delays in PSA ticket creation

Please be advised that the creation of PSA tickets may experience delays during the initial days following the release. These delays are a result of the high volume of compromises that require processing.

Frequently asked questions (FAQs)

  • Q: When is this upgrade taking place?

    A: The new engine will be deployed on October 16, 2025. The transition period mentioned in this article refers to the 24-48 hours immediately following this deployment.

  • Q: I don't use a ticketing integration. Do I need to take any action?

    A: No direct action is required from you. However, we recommend that you log in to your Dark Web ID portal to review the new compromises discovered by the more powerful engine.

  • Q: Why should I disable my ticketing integration?

    A: The new engine will find more compromises. Disabling the integration is a proactive measure to avoid generating a large, potentially unmanageable number of tickets in your system all at once. It allows you to control the initial review process.

  • Q: Who should I contact if I have more questions?

    A: If you have any questions or require assistance, please contact our support team here.

Additional considerations for reviewing compromises

  • Separate reporting for differing disclosures: If multiple compromises involve the same credentials but differ in the specific information disclosed (e.g., different data fields or breach contexts), these will be reported as separate entries. This ensures that each unique disclosure is properly tracked and addressed.

  • Reviewing similar compromises: In cases where compromises appear similar or related, it is important to examine the detailed fields within each compromise. Pay close attention to the specific values disclosed—such as passwords, personal identifiers, or other sensitive data—to accurately assess the nature and scope of each incident.