Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Google

Google Brings Dark Web Monitoring To All US Gmail Users (bleepingcomputer.com) 28

At Google I/O on Wednesday, Google said that all Gmail users in the U.S. will soon be able to discover if their email address has been found on the dark web. The dark web report security feature will roll out over the coming weeks, and will be expanded to select international markets. BleepingComputer reports: Once enabled, it will allow Gmail users to scan the dark web for their email addresses and take action to protect their data based on guidance provided by Google. For instance, they'll be advised to turn on two-step authentication to protect their Google accounts from hijacking attempts. Google will also regularly notify Gmail users to check if their email has been linked to any data breaches that ended up on underground cybercrime forums.

"Dark web report started rolling out in March 2023 to members across all Google One plans in the United States, providing a simple way to get notified when their personal information was discovered on the dark web. "Google One's dark web report helps you scan the dark web for your personal info -- like your name, address, email, phone number and Social Security number -- and will notify you if it's found," said Google One Director of Product Management Esteban Kozak in March when the feature was first announced. The company says all the personal info added to the profile can be deleted from the monitoring profile or by removing the profile in the dark web report settings.

This discussion has been archived. No new comments can be posted.

Google Brings Dark Web Monitoring To All US Gmail Users

Comments Filter:
  • by youn ( 1516637 ) on Thursday May 11, 2023 @08:49PM (#63515399) Homepage

    With all the sites that have been hacked, at this point, you can assume your emails is on the dark web if you have used any of the major sites.

    Change your password if you haven't done so in a while, do so regularly. Expect to have more and more sites to go belly up and more regularly. I strongly recommend you don't reuse the same password

    I am not really sure how much additional security this additional monitoring brings. Sure, it's good to know where your address has been compromised... but those are the ones we know about and most of the time, it says "Email has been compromised"... it's amusing to see how many times at this point.

    • by sound+vision ( 884283 ) on Thursday May 11, 2023 @10:02PM (#63515475) Journal

      This isn't really about security. Like you, I assume my email address (at a minimum) is all over lists being sold on the dark web. I'm not worried about it because I have a good password, never reused anywhere, not even entered into a password manager. I haven't even turned on 2FA, and I'm not afraid to say that publicly on Slashdot.

      What this is about is Google getting to associate, strongly and verifiably, your email address with your phone number.

      • by youn ( 1516637 )

        It's nice you're not reusing passwords and you are changing them regularly, I like it.

        With that said, Even with a good password, if they take down the whole master encrypted database, you could still be in danger due to the way hashes work. So, I would still recommend 2FA (Even with it, under some circumstances you are in danger but as much of a pain it is, there are still risks). I have on multiple occasions seen good phishing attacks, tailored to the target which were successful, even if the user was tech

      • What this is about is Google getting to associate, strongly and verifiably, your email address with your phone number.

        I agree with you but it is worth nothing that gmail supports multiple additional login types / 2FAs. Phone/SMS, secondary email, passkeys.
        The fundamental problem with a lot of online services is that they don't require an account name. My email address, something I share freely is not what I want to use for an account name (something that should be private). It's also what needs to be changed for dumb things like SSNs. Numbers should be public but how I prove that number belongs to me should be very pri

    • by hey00 ( 5046921 )

      With all the sites that have been hacked, at this point, you can assume your emails is on the dark web if you have used any of the major sites.

      Not necessarily, if you use several different addresses and only use your "real" one for limited important accounts. According to haveibeenpwned, my trash addresses are indeed everywhere on the darkweb, but my real one isn't. Or more accurately, isn't in any of the breach hibp is aware of. I still act as if it was though.

      By the way, isn't the google "feature" just a copy of haveibeenpwned?

      • by youn ( 1516637 )

        Kudos to you using throw away addresses, it's a good habit.

        With that said, this is not failproof.

        Your email address is still very likely available on hacker databases and if it isn't it is likely a matter of time... unless you haven't used it at all, you are not communicating with anyone else that has your address in their address book, etc... and if so why do you have an email address in the first place lol

    • Change your password if you haven't done so in a while, do so regularly.

      I think this is bad advice. My advice is simpler: Use a unique password for your email. Never use this password on any other login. Change your email password now if you have used the same password elsewhere.

      Then, add monitoring of your email address through the "Have I been pwned" site.

      • by youn ( 1516637 )

        I like monitoring your email address any way you find best and You are entitled to your own opinion.

        I also agree, Definitely change your password if you have reused your email password somewhere else.

        With that said, my previous message is GOOD advice and it's one thing that most security professionals can agree on... and it's hard to get them to agree on anything lol

        *I'll say it again, change your passwords regularly, don't reuse passwords, as annoying as it is.* (for multiple reasons)

        Even if it is

        • With that said, my previous message is GOOD advice and it's one thing that most security professionals can agree on... and it's hard to get them to agree on anything lol

          Not any more:
          https://www.packetlabs.net/pos... [packetlabs.net]
          https://www.ftc.gov/policy/adv... [ftc.gov]
          https://arstechnica.com/inform... [arstechnica.com]
          https://www.ncsc.gov.uk/blog-p... [ncsc.gov.uk]

          • by youn ( 1516637 )

            Basically what they say is that when they have guessed one transform, they have a better chance of guessing other transform which doesn't say it is a bad idea to change passwords.

            From the ftc article you pointed at,
            "If it will make you feel better or if you just feel like it’s time for a change, then by all means go ahead and change your password."

            I'm sorry it does make me feel better with the increased password vaults that have been cracked, constant breaches and it's not just the ones from the dark

  • by Dictator For Life ( 8829 ) on Thursday May 11, 2023 @08:52PM (#63515401) Homepage
    My kingdom for an editor. sigh
  • now that the horse has bolted.

  • ... the profile can be deleted from the monitoring ...

    This sounds useful but it breaks the 'don't trust a cloud service with ...' your PII, rule.

  • they don't like the competition.
  • Deep web monitoring when?

  • First, it was "Don't be evil", then it became "see no evil, hear no evil", and now they admit that there is no evil they are not personally involved in.
  • I thought that dark web was sites not crawled by (out of reach of) search engines.
    How does Google see them ?
    • by Anonymous Coward

      they crawl a couple then announce headlines

      like journalists know the fscking difference

  • Those whose VPN-Exit is in the US?

  • I get notifications frequently that my email is compromised! The problem is, they don't tell me from what site it was compromised. I have the same email address all over the place, but use strong, discrete passwords wherever I have banking or credit card info stored - which I try to avoid. So what is most likely compromised is a weak password that I use more commonly, which is unimportant as those sites aren't much more than social media/message boards and stuff that I don't care about.

    I expect this G
  • by Nkwe ( 604125 ) on Friday May 12, 2023 @11:53AM (#63516855)
    I thought that the "Dark Web" generally referred to content on the Internet that isn't indexed by the major search engines - content that you can't search for, discover, or access with common tools. If Google knows that an email address is on the dark web, then Google is indexing and crawling the dark web. If Google is indexing the dark web, why is it still dark? Is Google intentionally hiding the contents and keeping it dark? Could you say that Google is is a participant in the dark web? Inquiring minds want to know...
    • by leets ( 10372554 )
      Just saw the series "Hacking Google" on YouTube.
      The Google Security Team has an internal version of Google Search showing all the sites Google removed due to malicious content.
      These sites/links are not shown in the Google Search seen by the ordinary public.
      These sites might be what Google is calling their "Dark Web".
  • Can someone tell me how to get on the dark web? I really want to check it out.

  • This is still a paid thing for some anti virus services in 2023. The fact that Google is doing this freely means that even the old school TOR for the government net is so safe its like agitation propaganda with Bitcoin in 2009 if they say things are so bad now. Great but also not so great because that means the internet is officially from unofficially fully controlled.
    • This is still a paid thing for some anti virus services in 2023. The fact that Google is doing this freely means that even the old school TOR for the government net is so safe its like agitation propaganda with Bitcoin in 2009 if they say things are so bad now. Great but also not so great because that means the internet is officially from unofficially fully controlled.

      Argh I mean its still a paid plan though really close to being free so again internet is secure lol

Genius is ten percent inspiration and fifty percent capital gains.

Working...