Cred Watch

Credentials are not just usernames and passwords – any information that can be used by a determined hacker to go past any authentication system are ‘credentials.’ Did you know that most people reuse passwords across multiple sites, so if your personal shopping website had a breach, then those credentials could be used for your bank or business? Even if they are different, stolen credentials are used as seeding information for other websites.

credWATCH is a specialized extension of breachWATCH.

credWATCH is a service that is constantly on the lookout for stolen credentials in credential dumps, public repositories, dark web commerce sites (as part of darkWATCH) and social media chatter.

As part of our initial engagement, it is important that you help us identify critical (what we call VIP) credentials, as well as the personal email ID’s of your people to enable our information gathering and analysis to locate stolen credentials better and faster.

Remember, even with 2FA, stolen credentials help hackers get at least one of the factors, significantly weakening the advantages of multi-factor authentication.

Public websites like, even with the massive database they have, comprise no more than 20% of accounts that are available in some part or the other of the web.

credWATCH is a specialized spin-off from phishWATCH and has the following services:

Compromised IDs

We look for ID’s on compromised sites and platforms, notably on the dark web. The unfortunate truth is that developers still store passwords in plain text and millions of these credentials leak every year. You need to be alerted that some of your user passwords need to be changed immediately.


Some user IDs need to be private (this is not about the password, but of the emails themselves), to prevent spam, solicitation or mail flooding attacks. We alert you if these VIP email IDs make it to lists and other credential dumps across the internet.

Risk Ratings

To filter the grain from the chaff, we apply heuristics to assign risk ratings so that you can prioritize your efforts on the highest risk assets first.

Request A Demo