Data Breach & Exposure Analysis
For our activities as a Red Team and Targeted Threat Intelligence Provider, we started almost two years ago to build our own data breach database with a focus on the geographical regions of our customers (primarily the DACH region). Currently, our database contains over 14.6 billion leaked data records of individuals. The majority of this data consists of:
- Username
- Password
- URL, if applicable
- possibly other metadata, e.g. mobile phone numbers, addresses, birthdays, etc.
New, up-to-date data is added to the database every week. For this purpose, we monitor special darknet platforms and channels where data obtained as part of malware campaigns is published. We supplement this data with data from publicly available sources that cannot be found in any database to date.
With our Data Breach Exposure Service, we can generate insights for you that help you to better understand the following aspects of your threat model:
- What risks is my company exposed to from data breaches and stolen data?
- Which of my internal or external employees are affected?
- Have (customer/partner) credentials to our portals been leaked?
- How secure are the passwords that my employees use for systems on the Internet?
- For which of my employees is there an increased threat?
- Are there any patterns that my employees frequently use in passwords?
- Are or have employees been affected by malware that leaks data?
- Which passwords are known on the darknet and should be excluded from use by the internal password policy?
Which domains are suited for an exposure analysis?
- Domains that have an MX resource record, i.e. domains via which emails are sent, as email addresses are often used as a login
- Domains that have subdomains on which services or applications with a login form are accessible
Report and documentation
As a result, you will receive a detailed report with statistics and findings on the leaked data, recommendations for improving security based on these findings, a machine-readable file with the raw data and the raw data in Excel format.
VIP exposure analysis
On request and with a corresponding declaration of consent, we also offer a VIP/management exposure service: Here we use additional techniques to identify and document the entire public digital footprint of a key person (e.g. CEO, IT admins, decision-makers, board members). Subject to a declaration of consent, we can also extend the analysis to other connected persons, such as family members.