Skip to main content

HackNotice General FAQ

HackNotice Support
Updated

What is HackNotice?

HackNotice is an attacker-intelligence platform that gives organizations real-time visibility into the threats targeting their workforce, customers, and third-party vendors. By monitoring dark-web sources, infostealer logs, breach dumps, ransomware sites, and global cyber events, HackNotice provides actionable insights into:

  • Who is attacking you

  • What data has been exposed

  • Which accounts, vendors, or identities are at risk

  • How attackers are operating

  • Whether your data or your partners’ data has been impacted

We help security teams take action before it’s too late by surfacing real attacker activity—across your organization, supply chain, and user base.

How is HackNotice different from traditional threat intelligence?

Traditional threat intelligence often focuses on high-level reporting, generic threat feeds, or indicators of compromise (IOCs). HackNotice goes beyond this by providing:

  • Operational, identity-level intelligence

  • Real-time leaked credential visibility

  • Infostealer malware insights tied to your users or vendors

  • Ransomware gang tracking and TTP analysis

  • Vendor breach monitoring and supply-chain risk scoring

  • Historical and strategic dashboards built on one of the largest leaked-record datasets in the world

It is threat intelligence that is directly tied to your ecosystem—your domains, your vendors, your users.

How does HackNotice detect if my organization or accounts are impacted?

HackNotice continuously monitors dark-web and threat-actor sources for:

  • Compromised credentials

  • Exfiltrated data

  • Ransomware events

  • Credential dumps

  • Infostealer logs

  • Breach disclosures

  • High-risk leaked information

When we find information tied to your monitored domains, users, or vendors, we immediately push an alert through email, push, and/or API depending on your configuration.

If HackNotice detects leaked data, what happens next?

Alerts include:

  • The compromised identifier (email, domain, vendor name, etc.)

  • The source type and file name

  • What information was exposed

  • When and where it was found

  • Threat actor indicators, when available

  • Recommendations or next steps

Security teams can then route alerts using Tiered Alerts, push them into their SIEM/SOAR, or initiate internal remediation workflows such as forced resets or vendor outreach.

Do I still need HackNotice if I already have antivirus or EDR?

Yes. Antivirus/EDR protects against incoming threats on endpoints.
HackNotice protects against external attacker activity that has already occurred, such as:

  • Credentials stolen via infostealer malware before they reach your environment

  • Password reuse attacks

  • Vendor data breaches

  • Ransomware-driven supply chain exposure

  • Compromised accounts being sold or circulated online

HackNotice complements endpoint tools by giving you visibility where antivirus cannot—across the dark web, your vendors, and your user accounts.

How does HackNotice help with third-party and supply-chain risk?

HackNotice gives you real-time insight into:

  • Vendor breaches

  • Vendor leakage volumes

  • Vendor ransomware events

  • Threat actor campaigns targeting your supply chain

  • Fourth-party (your vendors’ vendors) exposure

  • Risk scoring via Threat Factor

  • Historical breach timelines

  • Spikes in leaked vendor data correlated with known increases in cyber incidents

This allows you to quickly determine whether a vendor introduces material risk to your organization and take action.

Can HackNotice help with cyber insurance?

Absolutely. Many insurers use HackNotice data during underwriting to evaluate:

  • Dark-web exposure

  • Credential compromise

  • Vendor ecosystem risk

  • Identity-driven attack likelihood

Customers have reported smoother insurance discussions, better justification for coverage changes, and improved renewal outcomes when leveraging HackNotice insights.

Does HackNotice replace security awareness training?

No—HackNotice is not a replacement for training platforms.
Instead, HackNotice provides operational intelligence that helps security teams prevent:

  • Account takeover

  • Identity compromise

  • Vendor-driven incidents

  • Infostealer-based lateral movement

  • Targeted social engineering attacks

Our focus is on real-time attacker activity and exposure—not simulated phishing or classroom-style training.

What data does HackNotice collect? Do you store customer credentials?

HackNotice never collects or stores:

  • Customer passwords

  • Customer input data

  • Sensitive internal data from your environment

We only analyze dark-web, breach, and attacker sources publicly circulating leaked information.
Our AI models do not train on customer-provided data.

Full details are available in our internal policy documents and SOC 2 Type II report.

How quickly does HackNotice detect new breaches or exposures?

HackNotice processes intelligence from hundreds of sources continuously throughout the day.
New exposures can be detected, indexed, and alerted within minutes, depending on source type.

How often is my organization checked for new activity?

All monitored domains, vendors, and users are automatically rechecked multiple times per day against new breach files, infostealer logs, and threat-actor reports.
No manual re-scanning is required.

Can HackNotice integrate with my SIEM, SOAR, or identity platform?

Yes. HackNotice integrates with:

  • SIEM platforms (Sentinel, Splunk, Rapid7, Falcon LogScale, etc.)

  • SOAR and orchestration tools

  • Identity and access management workflows

  • Automated password reset processes

  • Directory systems for syncing active employees (AD/Entra)

  • Internal dashboards and pipelines via API

You can export alerts in JSON or CSV, automate investigations, and build response workflows.

What does onboarding look like?

Most customers are enabled in under an hour.
A typical onboarding includes:

  1. Setting up First Party, End User, and/or Third Party watchlists

  2. Configuring Tiered Alerts

  3. Enabling dashboards for monitoring trends

  4. Optional: Setting up SIEM ingestion or Active Directory syncing

  5. Guided best-practice recommendations from your HackNotice representative

How do I get help or additional information?

You can contact your HackNotice representative anytime or email support@hacknotice.com.

To schedule a demo or learn more, visit our website or request a consultation through your account team.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.