Credentials are not just usernames and passwords – any information that can be used by a determined hacker to go past any authentication system are ‘credentials.’ Did you know that most people reuse passwords across multiple sites, so if your personal shopping website had a breach, then those credentials could be used for your bank or business? Even if they are different, stolen credentials are used as seeding information for other websites.
credWATCH is a specialized extension of breachWATCH.
credWATCH is a service that is constantly on the lookout for stolen credentials in credential dumps, public repositories, dark web commerce sites (as part of darkWATCH) and social media chatter.
Remember, even with 2FA, stolen credentials help hackers get at least one of the factors, significantly weakening the advantages of multi-factor authentication.
Public websites like https://haveibeenpwned.com/, even with the massive database they have, comprise no more than 20% of accounts that are available in some part or the other of the web.
credWATCH is a specialized spin-off from phishWATCH and has the following services:
We look for ID’s on compromised sites and platforms, notably on the dark web. The unfortunate truth is that developers still store passwords in plain text and millions of these credentials leak every year. You need to be alerted that some of your user passwords need to be changed immediately.
Some user IDs need to be private (this is not about the password, but of the emails themselves), to prevent spam, solicitation or mail flooding attacks. We alert you if these VIP email IDs make it to lists and other credential dumps across the internet.
To filter the grain from the chaff, we apply heuristics to assign risk ratings so that you can prioritize your efforts on the highest risk assets first.