Password exposed on dark web but can't see what the password is

Tomislav_Plesa · January 25, 2025, 12:44am

I successfully used the procedure in the link that @bjm posted earlier in the thread to get to speak to a live agent.

I sought clarification on which password was supposed to have been posted on the dark web and was not given an answer.

The agent could only guess, and thought that the password may have been the password to the email account that was listed (a gmail account). And stated that it was a good idea to change that password.

The agent went onto state that much of the information (like passwords) posted on the dark web were fake / a scam and the likelihood of the password that was posted being real or linked to any actual website that I use very small.

I asked for clarification on the actual password that was listed (so I could determine whether it was completely made up or in fact an actual password) and the agent was unable to provide me with that information.

I also asked how someone could actually obtain something like a password (given I have Norton on all of my systems and do not have any soft copies of any of my passwords on my systems), as I wanted to know if there was a possibility of a password being leaked / hacked from one of the websites that I use.

I wasn’t given any answers to that question either, and was told that I shouldn’t be majorly concerned other than to change the password to the email account that was listed.

However I was perplexed as to how they could make that statement without clarifying what was listed in the password that was posted. (As many sites use a combination of an email address and a password for that particular site or service)

And I have around 20 different sites that I use for goods or services!

Because ‘trust me everything is fine’ isn’t a sufficient answer I have now changed the passwords to several sites that I access using a combination of my email address and a password.

And have chosen to not to worry about sites that use a combination of a user/client number and a password.

I am happy that Norton have been able to flag this type of event, however not being able to provide me with any real information around it is really frustrating as I have no idea if I spent half of yesterday chasing my tail and being incredibly stressed for no reason or not.

And I still have no idea if what was posted was real or not.

And not being able to email them about my questions, concerns and thoughts about my agent interaction is not a good look.

bjm · January 25, 2025, 1:32am

Hello @Tomislav_Plesa
Thanks for posting your progress.

FAQ Dark Web Monitoring
Learn more about the Dark Web notification
Learn more about Password Combo List notification from LifeLock
Data detected on the Dark Web? What next?

user314159265 · January 25, 2025, 1:52am

@Tomislav_Plesa, for peace of mind you can get a redacted version of the breached password (with asterisks) from Experian. If you sign up to their identity product as a free trial then, if anything like my experiance, it will be the most recent notification received. Then you can cancel the same day to avoid fees.

The downside of this is that you share more personal information with other companies. It differs depending on where you live.

I came across the idea when reading up about ‘identity services’.

@bjm I hope this isn’t against the terms of service to mention other companies. Just to share peace of mind, that’s all

bjm · January 25, 2025, 2:08am

Experian Identity protection plans
†IMPORTANT INFORMATION
A credit card is required to start your free 7-day trial membership‡ in Experian IdentityWorks℠ Premium or Experian IdentityWorks℠ Family Plan. You may cancel your trial membership at any time within 7 days without charge. If you decide not to cancel, your membership will continue and you will be billed $24.99 plus applicable sales tax each month for Experian IdentityWorks℠ Premium or $34.99 plus applicable sales tax each month for Experian IdentityWorks℠ Premium Family Plan.

‡Monitoring with Experian begins within 48 hours of enrollment in your trial. Monitoring with Equifax® and TransUnion® takes approximately 4 days to begin, though in some cases cannot be initiated during your trial period. You may cancel your trial membership in IdentityWorks℠ any time within 7 days of enrollment without charge.

Tomislav_Plesa · January 25, 2025, 7:18am

Thank you kindly for the info.

Unfortunately for me Experian only offers their Dark Web monitoring service to the U.S where I don’t live. Which is a shame as after doing a google search for the best dark web monitoring tools they were listed as being the most extensive.

A company called ‘Identity Guard’ were also listed as very good but do not have a chat-bot or email that I can use to explain that I need a copy of the password that was listed (or a redacted version at least) in order to know what has been effected. As I don’t want to sign and pay for a service that doesn’t give me the information that I need.

The Norton email I received stated that the source of the leak is unknown and can not be traced back to any specific website or company which is fair enough, but given that their search indicated that a password was posted I need to see it (or at least a redacted version)

And I don’t understand why Norton who identified that a password was listed is unable to provide me with any information about it.

I have managed to email another security company called ‘Keeper’ that has a free dark web check on their site and it also identified that an email and password has been listed on the dark web.

(I asked them if they were able to provide me information on the password if I were to sign up as a paid customer).

I’ll see how that goes.

Tomislav_Plesa · January 25, 2025, 7:25am

Thanks for the links, but they don’t provide me with the information that I’m after, that being the actual password that was listed. (Or a redacted version)*

One of the links advises me to change all of the exposed usernames / email address and password combinations which is unhelpful to say the least.

‘We can’t tell you what password was leaked so go ahead and change 30+ passwords’

Thanks.

user314159265 · January 25, 2025, 10:15am

On Experian, in other regions they don’t make specific mention of dark web monitoring but it is available. In my region I needed to select the identity product rather than the credit product.

Also to mention, using that service the redacted password may seem far too long but I suppose they add in asterisks to mask the password length.

bjm · January 25, 2025, 10:48am

https://www.keepersecurity.com/free-data-breach-scan.html

Finding a “password” doesn’t mean there’s a breadcrumb trail back to where/how your “password” was sourced.

Maybe, an old email at some point has ended up on a stolen password list on the dark web, associated with some old password that you may no longer use that was probably leaked in one of those large company hacks like Target, Equifax, etc… Norton catalogues the entire list of compromised emails and whenever they detect it being entered they notify you.

Update your credentials…if you believe Norton…review your credentials regardless.
Has it been a while since you reviewed your sensitive credentials?

With hackers targeting companies from Facebook to Marriott to Equifax, there’s a good chance that at least one of your accounts has been compromised.

Tomislav_Plesa · January 26, 2025, 12:57am

That’s interesting.

I have looked through the Experian website in my region and if they offer the dark web scan it’s not obvious to me as to where it is.

I will contact them and ask if they provide such a service on Tuesday (there is a public holiday in my region on Monday)

They actually have a telephone number!!

Tomislav_Plesa · January 26, 2025, 1:18am

I appreciate that passwords that are posted anonymously on the dark web will not necessarily allow you to understand where they were taken from.

What I have asked the Norton agent and Keeper is to tell me what the password that was listed on the dark web is. (That they both found)

And I will immediately know what the password is / was for.

Or identify that someone has just posted crap.

(Given both have been able to identify that a “password” has been listed on the dark web)

A straightforward request I thought.

But instead, it’s been:

Just change your email password (Norton) (Even though you haven’t told me which password was listed)
It’s a good idea to change all of your passwords anyway (Norton documentation)
Load all of your passwords into our vault and we’ll search for them to see what’s posted (Keeper) (Even though their free scan has already identified that a password has been posted online)

If you have identified a password, let me know what it is (at least an edited version)

bjm · January 26, 2025, 1:56am

You expect Norton & Keeper to provide you with the list of “passwords” that Norton & Keeper found on the dark web.

In July 2024, a file containing nearly 10 billion passwords was posted to a hacker site. This was called RockYou2024 and was believed to be the largest password leak ever.
Recent & Past Breaches

Tomislav_Plesa · January 26, 2025, 4:05am

Given that both Norton and Keeper have identified that my email address and a password linked to that address were posted on the dark web then of course I expect them to be able to tell me what the password is.

Otherwise how are they able to make the claim that it has occurred?

Have they made this claim because someone posted a document that says that it contains ‘passwords’ in it (which may be full of crap), or because they in fact found a password that is linked to email address? (i.e: the document states my email address and provides an associated password)

Because if there is no leak source (i.e: a website) and nothing in the leak that stipulates a password that’s connected to my email address then this is a wild goose chase.

Do you work for Norton, and if so under what capacity?

Or are you a fan that’s giving assistance in the community?

As your links are not in any way speaking to my specific question, which is why they are unable to produce the password that they found, that is linked to my email address?

Your RockYou2024 link speaks about a leak in July 2024, with Norton suggesting users to change the password and or username on all sites where you may have used them. (My breach did not include any usernames and I was informed that there was no traces back to any specific company or website)

Your Recent & Past Breaches link speaks to changing the password for websites where the alleged data breach has been reported (not the case for me)

And I have not used any of the websites or services listed under ‘Recent’ or ‘Past’ breaches.

DebraAnn_Barnes · January 26, 2025, 11:00pm

Hi, I have spent quite some time chatting and talking re this issue and had no success. They confirmed the back end team can see the password but it is confidential and the front end people cannot share with me. Told to change every password where I use the email address. Seriously annoyed at the lack of process to address this

bjm · January 28, 2025, 7:47am

Hello @Tomislav_Plesa
Norton Community is primarily user-to-user < working > product help.
I’m not Norton. I’m a Norton user.
As a Norton user that’s never received a Dark Web Monitoring notice. I’m curious…
Dark Web Monitoring allows monitoring 5 email addresses.
Does Norton identify the email address or does Norton claim they found an email address listed for monitoring and they found a password linked to that email address?

Have you seen Dark web alert showing full password

@user314159265 sounds familiar with DWM notices…posted: here
“If the source of the exposure is known then you might be able to get the combo list stating the password - which may narrow down the account. If the source is unknown then they can not provide the combo list.”

=======================================

~ wonder whether Norton is more responsive for Norton 360 with LifeLock subscribers ~
Norton marketing sure makes Dark Web Monitoring sound like we all need Norton Dark Web Monitoring.
I’ll be notified when my sensitive information is found and I’ll be able to immediately change my passwords.

Dark web monitoring is a vital defense that helps you better protect yourself against identity theft and other forms of fraud, because it notifies you when a data leak containing your sensitive information is detected. That allows you to immediately change your passwords, deactivate credit cards, or take any other steps necessary to minimize ongoing risks to your privacy and security.

If you subscribe to a dark web monitoring service, you’ll receive a dark web alert if your personal information is detected on the dark web. This may include sensitive data that can be used by fraudsters such as your credit card number, mother’s maiden name, physical and email addresses, phone numbers, and bank account details. Receiving the notification enables you to take immediate action to remove personal information from the internet and help secure yourself against identity theft.

There are all sorts of ways your personal information can wind up on the dark web. Although often the result of data breaches targeting organizations, hackers can also target you individually via phishing attacks or through exploiting unsecured public Wi-Fi. After you become involved in a data breach, hackers can try to sell your information to scammers, fraudsters, and other cybercrooks on the dark web.

Dark web sites include online marketplaces for buying and selling illicit goods, and that includes personal information that can be used for identity theft, among other things. Our advanced monitoring technology goes beyond easily accessible sites and marketplaces, scanning private forums, the social web, the deep web, and the dark web to detect exposed information.

Since the dark web is constantly changing, no one can guarantee to monitor 100% of the dark web and private forums. Dark Web Monitoring goes beyond easily accessible sites and marketplaces, infiltrating private forums, the social web, the deep web, and the dark web.

https://us.norton.com/feature/dark-web-monitoring

Password exposed on dark web but can't see what the password is

Announcements