I get emails from my monitoring service to say that my information has >>> found "on the darkweb" but it doesn't give any indication as to what s or
what credentials may have been stolen.
I get those sometimes too. I know one of them for a fact was an old account I had on roll20.net, and my password was revealed. But since I use a different password for everything anyway, it wasn't a concern.
Here's the deal though: a lot of times, what happens in these breaches is that someone gets a trove of data (usually in the GB or TB range) from a website that didn't secure their servers, and makes a post on a darkweb site (there are many onion sites for hacking and skimming) offering to sell the data to the highest bidder. They don't release anything to prove they have the data, or a sample to prove its actually useful for a buyer, but they usually post something along the lines of "five days ago, (enter some cheesy hacker name) (then follow up with a bunch of technical jargon ripped from a different cheesy 80s hacker film) and got this massive batch of several million users. 1 user for 100 BTC, 10 for 1000, etc." with whatever price they feel like setting.
What actually is contained in those breaches is usually nothing more than usernames and hashes, maybe login time data, or some other metadata. Its very rare (but not impossible) to actually have your password exposed.
If you really want to dig in, start by learning how to access onion sites, and then find an onion search engine or directory, it won't take more than a few minutes to find one of these sites and see for yourself. Every time I browse them, they just reek of 12-year-olds larping to each other. Its the darkweb version of mall ninjas.
--- Mystic BBS v1.12 A47 2021/08/10 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (700:100/37)