I received an alert about stolen email credentials via the mobile app. After reviewing the list of passwords there was one that concerned me. Question is what does this notification mean? The email account I am using doesn’t actively have that password do the question is how do I identify what that is tied to? There is no link otherwise to see what website or account it is related to? If you’re going to tell me you found my email and be password on the dark web can you provide where at least??
Dark Web is a web layer, where normal users cannot access by standard browsers. And at that web layer, hackers are sharing stolen data collections.
With the ID Protection feature, Comodo is collecting breach details from Dark Web. And our system uses high technology softwares to extract meaningful credentials data over that collections.
When you login your account, we are checking your email address (or the addresses you added under ID Protection) and returning found breaches about your email. That notification means, your passwords stolen by cybercriminal and shared in Dark Web or sold. This means, you need to change that password if you use it in any website or application.
In your case, if your email does not have that password, it means you never set that password to your email account but you used email and password combination in a different platform. For example, you have example[at]gmail.com and you used that email with different password to register facebook.
Also you are right, we need to show proper link or website about your data breach. If your credentials stolen at adobe.com or other domains, we need to provide them. Currently we are doing it but it looks like sometimes app shows data collection name instead of website url. We will fix that situation.
As I explained before, we are digging data breaches collections. So, in one collection sometimes we are parsing 100K to 1M user data. In the other hand, if you want us to provide a download link from Dark Web, it may not be possible. Because generally Dark Web links can not be active after sometime.