Dark Web Monitoring for Spanning Backup for Google Workspace FAQ

What is Dark Web Monitoring in Spanning Backup for Google Workspace

Spanning Backup for Google Workspace Dark Web Monitoring is a premium feature for securing your Google Workspace tenant and other properties from compromised credentials that have been detected on the dark web. Dark Web Monitoring alerts Google Workspace administrators when their employee's emails and passwords have been compromised enabling them to take proactive steps to secure accounts at risk. They can then leverage Google Workspace’s powerful audit reporting and Spanning search capabilities to determine if malicious activity has taken place and restore any corrupted data in just a few clicks.

Why can I see passwords in the list of compromised credentials?

When Spanning Backup for Google Workspace receives breach data for a domain it may include the entire plain text password or a password hash. Spanning truncates the password to 10 characters and masks the last 5 before we store it in our database or show it to an administrator. We feel that the IT Admin doesn't need the whole password to have the conversation with the person who is breached. They can say "Do you still use a password that starts with 'passw*****'?" And still have a meaningful conversation about the significance of strong passwords and password security.

Why are there accounts in the list that are not in Google Workspace Directory?

Spanning Backup for Google Workspace Dark Web Monitoring is domain level protection. Domains in the tenant are evaluated for compromised credentials and the result of the monitoring can result in accounts that are associated with your domain but may not be an active account in Google Workspace. For example, the Acme Corp Marketing department maintains a social media presence using “marketing@acmecorp.com”. This marketing address is not associated with an Google Workspace account, it is just an email alias. This email address and the password “mypass@word” are used to secure Canva, Twitter, Facebook, and Instagram. If these credentials are part of the Instagram or Canva breaches, they would appear in the Dark Web Monitoring report as “marketing@acmecorp.com” and “mypas*****”. Even though there is no user account in Google Workspace Directory this breached account represents a risk to the Acme Corp social media presence if the password is reused.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section