DarkWebCheck™ — Has your data been exposed? — Red Flagg™
What is a DarkWebCheck™

Your data is probably already out there. We find it. We tell you exactly what to do.

Every major Australian breach — Optus, Medibank, Latitude, MediSecure — put real people's details into criminal hands. Most victims never find out until a scammer uses it against them.

Free tools tell you which breaches you appeared in. We tell you what was taken, what it means for you personally, and what to do about it — then a qualified analyst calls you to walk through every finding in plain English. That is the difference a human makes.
How it works
1
Buy and give us your email address
Secure payment upfront. Your email is checked, never sold, never shared.
2
Your named analyst runs the check
Searched against global breach databases, stealer logs, and dark web forums. Every result verified by a human.
3
Your 21-page report arrives in 5 to 7 business days
Plain English. Breach cards. Severity tags. A personal action plan written by your analyst.
4
Your analyst calls to walk you through it
30-minute call, 8am to 8pm, 7 days. Every finding explained. Prefer email? We do that too.
Choose your check

Get your report. Know exactly where you stand.

One-off. No subscription. No lock-in. NFP rates on every tier. Serving Australia, USA and South Africa.

Secure payment upfront.· Report within 5 to 7 business days.· Analyst call on every product.· Full refund if we fall short of our Service Standard.
DarkWebCheck™

Standard Scan

$120per person · one-off
Includes 30-minute analyst walkthrough call

Full breach scan. A named analyst writes your 21-page personalised report and calls you to explain every finding in plain English.

Digital · 5 to 7 business days
  • Full breach scan vs global database
  • 21-page personalised analyst-written report
  • Severity-tagged breach cards — plain English
  • 30-minute walkthrough call, 8am–8pm, 7 days
  • Annual rescan alert included
Buy Standard — $120 →

Your email is used only for your check. Never sold or shared.

Your 21-page report includes
Every breach your email appeared in, with a plain English explanation of what each company is, what was taken, why it matters, and exactly what to do. Severity tags tell you which ones to act on immediately. Includes a full action plan and Australian context note covering Optus, Medibank, Latitude and other major local breaches.
The analyst call
Your named analyst calls you after your report arrives. They walk through every finding, answer every question, and make sure you know exactly what to do next. Prefer email over a call? Let us know when you order. We do that too.
Clean result?
A clean result is valuable. We confirm exactly what we searched and provide written documentation that your email did not appear. Knowing you are clear is worth knowing.
Refund policy
Full $120 refund if your report or call does not meet our published Service Standard. Contact us within 14 days of receiving your report.
Most popular
DarkWebCheck™ — Advanced

Deep Scan

$190per person · one-off
Everything in Standard, plus stealer log lookup and up to 5 email addresses

The most comprehensive personal check available. Includes stealer log lookup — checking whether your credentials were captured live by malware. Free tools cannot do this.

Digital · 5 to 7 business days
  • Everything in Standard
  • Stealer log lookup — live credential capture check
  • K-anonymity email search (your email never sent in plaintext)
  • Up to 5 additional email addresses or aliases
  • Per-account exposure deep-dive — risk ranked
  • 30-minute analyst walkthrough call
Buy Deep Scan — $190 →

Your email is used only for your check. Never sold or shared.

What stealer log lookup means
Stealer logs are databases of credentials captured in real time by malware on a victim's device. If your credentials appear in a stealer log, they were taken directly from your device, not just a company's database. Free tools like HIBP cannot check stealer logs.
K-anonymity email search
Your full email is never sent to any external system. Only a partial hash is used, meaning your email cannot be intercepted or logged during the check. Privacy by design.
Who Deep Scan is for
Healthcare workers. Finance and legal professionals. Anyone with multiple professional email addresses. Anyone who wants the most comprehensive picture available after a major breach.
DarkWebCheck™ Business

Business

$750up to 25 staff · one-off
$30 per staff member. $27.50 each beyond 25.
The average business email compromise costs Australian SMBs $48,000 in direct losses. A DarkWebCheck™ Business costs $750.
    Already on a Red Flagg™ plan? DarkWebCheck™ Business is included — speak to your analyst.
  • Up to 25 staff email addresses checked
  • Consolidated report — risk ranked per staff member
  • 45-minute director briefing call
  • ACSC Essential Eight action plan included
  • No subscription — one-off engagement
Buy Now — $750 →

Enter your staff email addresses in the notes field at checkout.

The director briefing call
45 minutes with your senior analyst. They walk through the consolidated report, identify which staff are highest risk, and what actions the business needs to take. The output is a board-ready risk summary and an ACSC Essential Eight action plan.
More than 25 staff?
Add $27.50 per additional staff member beyond 25. Email us and we will quote within one business day.
Want to see a sample business report?
Email hello@redflagg.com.au and we will send a redacted example before you commit.

Not sure which is right for you? Most individuals start with Standard. Healthcare and legal professionals choose Deep Scan. Businesses of any size use Business.

Ask us →
Flip through a real report

This is exactly what lands in your inbox.

Sample data used for privacy. Every other element — the breach cards, severity tags, action plan, analyst call details — is exactly what you receive.

Click to zoom Report page 1 showing breach findings
Page 1 of 4
Inside the full report

Six pages. This is what a real report looks like.

Sample data only. Every design element, breach card, and analyst note is exactly what your report contains. Click any page to zoom.

Page 1 — Your breach results
Page 1 — Your breach results
Page 1 — Continued
Page 1 — Continued
Page 2 — Stealer log & exposure table
Page 2 — Stealer log & exposure table
Page 2 — Continued
Page 2 — Continued
Page 3 — Your action plan
Page 3 — Your action plan
Page 21 — FAQs & analyst sign-off
Page 21 — FAQs & analyst sign-off
Click any page to zoom in
What our customers say

Real results. Real Australians.

Red Flagg helped us build a real reporting culture across our team. Staff who previously ignored suspicious emails are now flagging them straight away. That change alone has made a genuine difference to how safe we feel day to day.

Key customer contact
Not for profit organisation — Victoria

Having a team that actively manages our Microsoft environment and sends us a clear monthly report has changed how our leadership thinks about cyber security. It is no longer something we worry about — it is something we manage.

Chief Executive Officer
Community services organisation — Australia

I had no idea my LinkedIn password from 2016 was still circulating. The report was clear, not frightening, and the analyst call answered every question I had before I even thought to ask it. Worth every dollar.

Practice manager
Healthcare — New South Wales

Most people who come to us assume they are fine. In eleven years of doing this, I have never had a clean run. There is always something. Better to know.

Samira A.
Senior Cyber Analyst — Red Flagg™ Melbourne
Who is it for

If you have an email address, your data is probably already somewhere it should not be.

Individuals and families

Anyone who used Optus, Medibank, or Latitude — your personal details, home address, and Medicare number may be in circulation. Most people do not find out for years.

Seniors and retirees

Medibank 2022 exposed the private health claims of 9.7 million Australians. If you were ever a Medibank customer, your health history may be on the dark web.

Scam and hack victims

Scammers use breach data to target victims repeatedly. A DarkWebCheck tells you exactly how exposed you are and what else may be at risk.

Small businesses

Business email compromise is the most costly cyber attack facing Australian SMBs. If your staff credentials are in a breach, attackers can impersonate your business today.

Healthcare workers

MediSecure 2024 exposed Medicare numbers and healthcare identifiers for 12.9 million Australians. Healthcare workers are among the most heavily targeted groups.

NFPs and community organisations

Non-profit organisations handle sensitive donor and client data. NFP rates apply on every tier — just ask. We serve aged care, disability, and community health.

Common questions

Everything you need to know before you buy

Have I Been Pwned tells you which breaches your email appeared in. A DarkWebCheck tells you what was actually taken, what risk that creates for you personally, and exactly what to do about it. We also check stealer logs — databases of credentials captured live by malware — which free tools cannot access. Then a qualified analyst calls you to walk through every finding in plain English.

Payment is made upfront at the time of ordering. Your 21-page report is delivered within 5 to 7 business days from when we receive your email address and payment. Your analyst will then contact you to arrange the walkthrough call at a time that suits you. One business day response on all enquiries.

Yes. Red Flagg™ serves customers in Australia, the United States, and South Africa. The DarkWebCheck™ product searches global breach databases and stealer logs regardless of where you are located. For US customers, major breaches including T-Mobile 2023, AT&T 2024, and Change Healthcare 2024 are specifically included. Analyst calls are scheduled to suit your timezone.

A clean result is valuable. Your analyst will document exactly what was searched, confirm your email did not appear in any known breach or stealer log, and provide written confirmation. You also receive the annual rescan alert so you are notified immediately if anything changes.

If your report or analyst call does not meet our published Service Standard, we will refund your payment in full. No questions asked. Contact us at hello@redflagg.com.au within 14 days of receiving your report. We have never had to issue a refund — but the guarantee exists because we stand behind everything we deliver.

Still not sure if your data is out there?

That is exactly why you need the report.
Don't guess. Know.

Email us first. We will point you in the right direction, recommend the right product, and answer any questions before you spend a dollar.

Or call 1800 930 329 — 8am to 8pm, 7 days

Your email is used only for your check. Never sold, shared, or stored beyond your engagement.

DarkWebCheck™ from $120 Get my report