Security News > 2021 > April > Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords
There are methods of checking whether passwords are on the dark web and consequently at risk of being used in credential stuffing; but this generally requires giving the user details to another company.
A new service from HackNotice solves this problem: Dark Hash Collisions.
Even though no identifiable personal data leaves the customer, HackNotice now has all it needs to determine what passwords associated with each user are available to hackers on the dark web - and consequently present a risk of credential stuffing attacks.
For every half hash the customer passes to HackNotice, it is likely to receive many compromised passwords back.
"It will depend on the number of passwords we see for each username, but on average we'll see anywhere from 4 to a dozen passwords for very distinct usernames, and tens of thousands for very common usernames."
The bottom line is that Dark Hash Collisions can safely detect all a customer's users that have been compromised and consequently present a risk of credential stuffing.