Breach Monitoring FAQ

What is Breach Monitoring?

Prey’s Breach Monitoring is a service that obtains leaked data from the dark web, scanning 24/7 to keep users updated on the latest information. It detects stolen credentials and breaches as soon as the data is exposed and publishes a weekly updated report, providing intelligence and insights so that the user can react and generate future prevention strategies. All reports have a severity score that delivers a quick overview of your organization’s health.

What constitutes a breach? How is data usually stolen?

A data breach occurs when unauthorized individuals gain access to sensitive, protected, or confidential data. This can include personal information, login credentials, financial records, intellectual property, or other sensitive business data. A breach can result from various security failures, such as hacking, malware, insider threats, or accidental exposure. Read more about it here.

How is the Severity Score determined?

  • Critical severity: One of our recovered breach records comes from an infected machine. It will always include a plaintext password.
  • High severity: We’ve found one or more plaintext passwords or email addresses in dark web marketplaces, hacker forums, or private cybercriminal networks.
  • Low severity: No records were found, or we caught a record on an email-only list with a non-crackable password hash, or no password at all. It may include identifiers like names, addresses, phone numbers, among others.

How do Prey and Breach Monitoring have access to the leaked data?

Prey partners with a third-party threat intelligence service that collects stolen credentials and assets from the dark web, using human intelligence methods and gathering hundreds of millions of records monthly. These records, impacting individuals and organizations worldwide, are validated and stored in a central database. Prey’s Breach Monitoring accesses this database, analyzing and matching leaked data to your information (emails or domains). Weekly reports provide updates, enabling quick responses to prevent further exposure or future leaks.

How does it work?

The third-party monitoring service provider adds hundreds of newly breached databases to our Breach Monitoring system weekly. We automatically update your Severity Score and breached records. The updates are reflected in your report, and you may also download a CSV file that includes all found records. Our partner has access to freshly leaked assets, which means that you may learn about breaches before they become public knowledge and before they are published on tech and news sites/media.

Do the severity score and leaked data summary in the first free report reflect real exposed data from my domain?

Yes, the default Severity Report displayed on your panel’s Breach Monitoring page is based on real analysis of the account you use to log in to Prey. We scan dark web databases to identify any leaked data associated with that domain and assign a severity score so you can get a first look at the information and insights our service could provide for you. The report includes details like:

  • The total number of breach records found
  • The percentage of reused passwords
  • The time since the domain’s last known exposure
  • Any detected malware infections
  • The number of personal and financial information leaks

If you have any questions or need more details, please contact us, and we’ll be happy to provide further information.

Is Prey considered a hacker if they have access to my private data? How can I trust that you will handle my data by compliance standards?

We go to great lengths to keep the information found about your data private and secure. We gather the information that’s already out there fast, and we treat any information found and shared with us as confidential. Our service provider encrypts all the data in their system. They take operational security precautions (which are not shared publicly) to ensure that all data is safe. Our service strives to inform you about rogue data, and we’ll always do so in a confidential manner.

How do I know if the leaked data is current or older?

We provide a historic log of breaches, dates included, and periodically add new leaks and breaches. For any record that appears in your report, we disclose three dates (included in the CSV):

  • The date of the actual breach
  • The date we acquired the information
  • The date the breach was made known publicly (if it was made public)

For private breaches, the acquisition date (when we acquired the data). For public breaches, the date the breach was made public.

How do old breaches affect my Severity Score?

Currently, all historical breaches impact the score displayed in your weekly report. Breach Monitoring highlights your most critical assets in a structured table, helping you prioritize which emails or domains need immediate attention. Each record includes a publish date, allowing you to assess its age and relevance. Additionally, a system for sorting and flagging breached records is on the roadmap for future implementation, enhancing your ability to manage and respond to security threats efficiently.

Why would I want to see old breaches? What am I to gain from that information?

Even if leaked credentials or company data are old or remediated, understanding past exposures can help identify attack patterns and weak spots, helping prevent future breaches. Cybercriminals often reuse old data for credential stuffing, phishing, and social engineering attacks. Leaked information can also be combined with newer breaches, posing ongoing security risks. Additionally, monitoring helps with regulatory compliance, brand protection, and mitigating third-party risks. Proactive awareness demonstrates a strong security posture and helps prevent potential threats before they escalate.

What’s your pricing, and how does a subscription work?

We offer subscription plans that match your Prey subscription frequency. Any organization can subscribe, create a new account, and choose a payment frequency (monthly, yearly). This is true for existing and new Prey customers. You don’t require a Prey subscription to use Breach Monitoring.
Trials are not available due to the product’s nature. You can cancel your subscription anytime. Keep in mind that there is no refund policy for a lack of detected breaches, that is, if you have no “negative” results. Please refer to our pricing section to learn more.

Breach Monitoring offers two subscription services, Domain Monitoring and Email Monitoring:

  • For domains, we'll monitor ALL email addresses that match the domain (jane@example.com, john@example.com, etc.) for a fixed price.
  • For emails, you choose the addresses you want to monitor and pay a fee per email address.

How does a BM subscription interact with a Prey one?

With Breach Monitoring you oversee emails and domains, not devices. Prey and BM are complementary services, and the addresses or domains protected may or may not be associated with the devices you monitor and manage with Prey. Breach Monitoring does not interact with the Prey agent you installed on your machines, nor does it need it. You might use protection actions over devices you know are associated with the addresses or domains you monitor, but it's not a direct service provided at the moment.

How do you deploy it?

There is no deployment needed. Breach Monitoring is an online experience. You can add the Breach Monitoring subscription to your current Prey plan or subscribe to BM only. Just create an account and choose what you will be monitoring. Email subscriptions can be upgraded anytime*. You are welcome to schedule a demo with our product experts to navigate the service, learn how to interpret the report, and ask questions as you go.

*Email addresses are not interchangeable like device slots; each monitored address is unique.

What types of information can you find?

Here's an example of the type of information we find by scanning for your domain (partial list):

  • Internal and external systems infected with keyloggers that are logging into your servers
  • Corporate computers infected while being used for personal use
  • Intellectual property that was stolen and being advertised in underground markets
  • Any compromised credentials (username and password) associated with a domain login
  • Backdoors on your corporate servers used by hackers

Examples of the type of information we find by scanning your personal email addresses (partial list):

  • Compromised credentials from private (you won't read about many of these in the press) and public data breaches
  • Cloud login credentials
  • Personally identifiable information (PII) that is easily associated with your email

Will Breach Monitoring alert me of existing or new breaches and leaks involving my data? Can I mark breaches as resolved, label, erase or flag them?

At the moment BM does not offer notifications. We provide a report that updates weekly and is always available for consultation and CSV exports. Flags, labels and resolutions are improvements we have added to our product roadmap and expect to develop and publish in the future.

Why choose Prey’s Breach Monitoring among a list of different competitors, some even free?

The dark web allows criminals to trade stolen data beyond the reach of search engines, but much illicit activity also occurs in private, encrypted spaces, away from conventional search engines. Traditional monitoring tools, especially free ones, often detect breaches too late—months or even years after exposure. Prey’s Breach Monitoring service provider offers advanced Cybercrime Analytics by infiltrating criminal communities to access stolen data early, often before it appears on the dark web. Using security researchers and proprietary technology, it recaptures and transforms this data into actionable insights. Prey’s BM uses these insights and reports them to you, enabling your organization to access the information and make mitigation plans faster.

Am I not safe with my current Antivirus and stack of protection measures?

Antivirus software protects against malware, but it does not detect leaked data. A dark web monitoring service complements an antivirus by addressing data breaches and credential theft, which an antivirus alone cannot stop. Antivirus services protect devices; they do not scan for stolen credentials and data. If your passwords, emails, or financial data are leaked in a breach, your antivirus can’t detect them or alert you.

Why do I need to keep paying for Breach Monitoring if I already learned where my vulnerabilities lie? Isn't it enough to just use the service once?

In 2024, there were 3,158 reported data breaches, closely mirroring the previous year's figures. Six mega-breaches accounted for 85% of the 1.7 billion breach notifications issued (1). Companies face increasing legal penalties and customer lawsuits due to stricter data privacy laws (GDPR, CCPA) (2). Breaches happen all day, every day. Monitoring your emails and domain just once is not enough; we offer a weekly report as insurance that you will find out first about any new breach and have the time to react when needed.

What is BM good for after the fact if my emails or domain are already compromised?

Discovering that your data has been compromised doesn’t mean all hope is lost; there’s still a lot you can do to protect your organization. Just because stolen credentials appear on dark web marketplaces doesn’t mean they’ve been sold or exploited yet. Acting quickly can make all the difference. For example, if a plaintext password linked to your email or an employee account has been leaked, taking immediate action, such as changing the password and enabling multi-factor authentication (MFA), can prevent attackers from gaining access. Use breach knowledge to reinforce security policies, identify attack patterns, protect customers and third parties, and avoid further damage.

How are the compromised emails sorted (by age, or by assets, or by number of leaks)?

Will you help me fix, remediate, or patch my vulnerabilities? Do you offer guidance to resolve the issues and help prevent them in the future?

Prey’s Breach Monitoring is an information-driven service designed to provide visibility into your organization's security posture, rather than directly handling remediation or security enforcement. Our weekly reports deliver insights on the status of your emails or domain, helping you identify vulnerabilities, take security measures, and ensure compliance with industry regulations. By staying informed, you can strengthen your defenses and respond effectively to potential threats.

Will you help me remove my data from the Dark Web?

Removing leaked data is not a viable solution, as there’s no way to track who has seen or saved the information once it appears on dark web marketplaces. Instead, it’s best to assume that any exposed data is already compromised and focus on securing affected areas. Take proactive steps: regularly update passwords with strong, unique combinations, implement multi-factor authentication (MFA), and strengthen security protocols. Educate your team on cybersecurity best practices to prevent future breaches. Most importantly, use tools like Breach Monitoring to detect exposures early, allowing you to respond quickly and minimize potential damage.

I’m being extorted, how can you help me?

Prey’s Breach Monitoring does not offer remediation or assistance. At the moment we are an information service about your data’s current state, and about its future. We have the ability to access data that has been extracted or compromised and inform you about it in a very timely manner so the issue does not escalate. We suggest you contact your city’s cybersecurity agency for guidance and support to resolve the issue.

I am an MSP, can I offer Prey’s Breach Monitoring service to my clients?

A solution for MSPs is in its early design stages, and will be offered to interested customers, new and existing. Contact sales to be informed when Breach Monitoring for MSPs is available.

 
