Dark web monitoring

ActivityInfo.org relies on dark web monitoring services to perodically check for so-called “stealer logs” related to ActivityInfo users.

What is a “stealer log”?

The exponential growth of “infostealer” malware has been a key trend in cybercrime in recent years. Infostealer variants such as Redline, Raccoon, Titan, Aurora, and Vidar are now widely available, and easily deployed by low-skilled cybercriminals, casting a wide, indiscriminate net for primarily Windows laptops that lack anti-virus software.

These infostealer programs infect computers, and pull user names, passwords, and session tokens from the user’s browsers. The credentials are then transmitted back to the cybercriminal, who compiles them into a “stealer log” that is then packaged together with credentials from other users and sold on the darkweb or on telegram groups.


ActivityInfo relies on partners who monitor the sale of stealer logs. When a stealer log is posted for sale that includes an ActivityInfo user, the user will receive an automatic alert from ActivityInfo.org:

If the user has been invited to any ActivityInfo databases, then the database owners will also be notified.

Remedial action

As a database administrator, you should get into contact as soon as possible with your colleague to ensure that they are following the best practices outlined in the Securing your ActivityInfo account article.

If you are unable to reach them, you may want to temporarily remove their access until you can verify that there devices are secure.

Next item