Haveibeenpwned vs. Kaduu: Two different Darknet Monitoring Approaches

What is Haveibeenpwned and how does i work?

Haveibeenpwned is a website that allows individuals or organisations to check if their data has been exposed in known data breaches. The website was created by security researcher Troy Hunt in 2013 and has since become a widely used resource for individuals, organizations, and law enforcement agencies to identify compromised accounts and personal information.

Haveibeenpwned works by collecting data from publicly available sources such as data dumps and breach notification services. The data collected includes email addresses, usernames, passwords, and other personal information that may have been compromised in a data breach. This data is then indexed and made searchable on the Haveibeenpwned website.

You can check if your data has been exposed by entering the email address or username into the search bar on the Haveibeenpwned website.

What are the limitations?

In the following a few limitations are listed. This list is not exhaustive.

• Limitation in the type of data displayed: Since the input is based on email addresses or domains, the results also refer almost exclusively to hacked user accounts. These user accounts are usually not related to the accounts of the requested organization. In most cases, users register with their company email address on third-party websites. Once these websites are hacked, the user data ends up on the dark web. In the rarest cases, such logins can be used for services of the affected organization. However, since data breaches include not only logins, but also many other areas (botnet logs of infected computers, credit cards, job applications, personal information of users, internal documents of the company, etc.), this website covers only a very small part of the possible data outflows.
• Display of the contents of the data breaches is missing: one cannot see the exact contents of the data leak on the platform. Therefore, one does not know if the users are reusing the same passwords or if there is other sensitive data besides the login (e.g. PII, credit cards, address information, etc.). Since combination lists with collected accounts often appear in the darknet (Collection1, Collection2, Combolist 1, etc.), the lack of content is also noticeable here, since the same logins are often found again in these combination lists.
• Data leaks cannot be searched specifically: The website offers a short general description of the data leak, but it cannot be searched further.
• There are no additional search operators: It is not possible to add certain search operators and, for example, search by date, type of data leak or other criteria.

What does Kaduu offer?

The Kaduu darknet monitoring solution addresses all of the above limitations. However, since darknet monitoring does not only include hacked accounts from third party websites, Kaduu also offers many other data sources for risk measurement. These include stolen credit cards, botnet logs from infected machines, user activity on social media, spoofed social media profiles, spoofed apps in Google Play and Itunes Store, live searches in hacker forums, Telegram and Discord, detection of shadow IT and vulnerabilities, detection of leaked configurations or source code on cloud servers or developer platforms, typo squatted domains with dangerous content, and many other data types. A complete overview of the functions can be found here.