Credential Monitoring.

Continuous scanning of public breach databases, dark-web forums, and credential dumps for matches against a user's email or password — used to alert users to reset credentials before attackers exploit them.

The k-anonymity lookup pattern is what makes credential monitoring privacy-safe: the client computes the SHA-1 hash of the password, sends only the first 5 hex characters to the lookup service (which returns all hashes matching that prefix), and compares locally to identify matches. The server never sees the full hash, and the client never exposes the password itself. Use this pattern; never send full credentials to a third-party lookup service.
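The lookup flow described above, as an added example that is not taken from any particular service's code: `RangeService` is a hypothetical in-memory stand-in for the lookup service, and the password list is constructed sample data so the block runs offline.

```python
import hashlib
import hmac

# Constructed sample corpus standing in for a breach dataset (assumption).
SAMPLE_BREACHED = ["password", "123456", "qwerty", "letmein"]
HEX = set("0123456789ABCDEF")


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (40 characters)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeService:
    """Hypothetical lookup service that indexes hashes by 5-char prefix."""

    def __init__(self, passwords):
        self.buckets = {}
        self.seen_queries = []  # everything the server ever learns
        for pw in passwords:
            h = sha1_hex(pw)
            self.buckets.setdefault(h[:5], set()).add(h)

    def query(self, prefix: str):
        # Reject anything that is not exactly 5 hex characters, so a
        # buggy client cannot hand over a full hash by mistake.
        if len(prefix) != 5 or not set(prefix) <= HEX:
            raise ValueError("prefix must be exactly 5 hex characters")
        self.seen_queries.append(prefix)
        return sorted(self.buckets.get(prefix, ()))


def is_breached(password: str, service: RangeService) -> bool:
    """Client side: send the prefix, compare full hashes locally."""
    full = sha1_hex(password)
    candidates = service.query(full[:5])  # only 5 hex chars leave the client
    # Constant-time comparison of each returned hash against our own.
    return any(hmac.compare_digest(full, c) for c in candidates)


if __name__ == "__main__":
    svc = RangeService(SAMPLE_BREACHED)
    for pw in ("password", "correct horse battery staple 7!"):
        print(pw, "->", "breached" if is_breached(pw, svc) else "no match")
    print("server saw:", svc.seen_queries)
```

The `seen_queries` list shows the privacy property directly: it holds only 5-character prefixes, whether or not the password matched.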

Common questions

How does credential monitoring work without exposing user passwords?

Should I check the breached-password list on every login?

What's the difference between credential monitoring and dark-web monitoring?

Last updated 2026-05-15.