That could be someone posting sensitive company records, or discussing a planned attack, or selling a vulnerability in software a company uses.
Old sites do go down, or get taken down, and new ones pop up, said Terbium Labs CEO Danny Rogers.
"But they're typically discussed on other forums, so our crawler will naturally discover them," he said. "It changes more on a monthly pace rather than a weekly or daily pace. It's actually not too hard to keep up with it."
Rogers declined to explain how his company accessed members-only forums, but did say that they're able to automatically collect the information shared on these sites.
More than that, Terbium offers a search service Matchlight that allows enterprise customers to search for proprietary information via a fingerprint.
"It's a blind search technology," said Rogers. "We give clients the ability to search this index in an automated way without revealing to us what they're searching for."
The core feature of Matchlight allow enterprises to set up alerts for data that they want to monitor for, such as customer lists, or trade secrets.
"The faster they can find out that there's a data leak, the faster they can kick off their response, and the less damage will occur," he said.
For example, if the scan shows that the data is being distributed on a legitimate, law-abiding site, the enterprise can request that it be taken down. If the data is credit card numbers, they can be canceled quickly, before criminals can make fraudulent charges.
And if a company is aware that there's a leak, they can find it and shut it down before more damage is done.
One of the customers using Matchlight is Sonatype, which will be using the service to keep and eye out for any sign of its open source software database.
"The golden asset for us is our metadata which describes the attributes of open source code," said Sonatype's Jackson. "Our plan is to use Matchlight to make sure that this metadata doesn't show up on either the dark or light web."
Another vendor, Somerville, Mass.-based Recorded Future, Inc., can create a fingerprint based on the hardware and software that an enterprise has deployed, then search the Dark Web for new vulnerabilities identified in those systems as well as also looking for mentions of the company or its employees, IP addresses, or email addresses.
"We also help people look at industry-level trends," said Nick Espinoza, the company's product engineer.
Recorded Future senior analyst Scott Donnelly added that cybercriminals don't just limit themselves to forums on the Dark Web.
"Bad guys have to stick their heads out if they want to sell what they stole," he said. They're even on Twitter, he added. "They love their hashtags."
Sign up for CIO Asia eNewsletters.