A ton of sensitive data makes it way to the dark web via inadvertent leaks from within the organization. We have covered code leaks (that often include API keys and login information) under code watch.
We have found employee information, senior management contact information, pre-release marketing and promotional material and more – that users had posted by mistake, but which was publicly accessible.
Get notified of these errors quickly with our leak watch service:
On a regular schedule every document that publicly accessible is downloaded and verified for leaks of sensitive information. This is the most common leak vector as there are staging servers that are used for testing, and other locations that are used for internal and external share of documents.
Beyond the common download locations, we scrape the entire website to hunt for information that should not be available even to the most determined hunter.
We pay special attention to critical information like emails ID’s, API keys, login credentials and more across our search of your websites and documents that can be downloaded.
We scan the social media for internal documents that might have made their way to there, and scan these for sensitive information.