Exposed Credentials Data Ingrid View a company's Exposed Credentials data in the Rating Details page. Navigation Options SPM App: Organization ➔ Rating Details CM App: Vendor Risk ➔ Rating Details Insurance App: Client Risk ➔ Rating Details In the Exposed Credentials section of the Rating Details page, select the Details button to see the data. Admin and Group Admin can download Exposed Credentials data for your My Company and My Subsidiary in the Security Posture Management application. The Exposed Credentials data download is only available in the SPM app.The details include: Account Available in the CSV download. CSV column: account Breached Site The location where exposed data originated. CSV column: breach_name Description Information about the breach event or record source, typically with links to the original source report where applicable. Domains The current domains of this company that are affected. Exposure Date The date when records were exposed. CSV column: event_date Observation Date The date of observation by Bitsight. CSV column: observation_date Records The total number of the company's exposed credential records. This count does include duplicate emails, if there was additional unique data that was available (e.g., distinct passwords) with full details available in Identity Intelligence. Select View Details to view records per domain for a single breach. Record Count The total number of times unique data (e.g., distinct passwords) was exposed in a breach, with full details available in Identity Intelligence. CSV column: record_count Disclosed AttributesTypes of sensitive details that are identified within compromised sources:The actual contents of the attributes are not shown, in correspondence with our Privacy Policy. Date of Birth Demographic information about the owner of the disclosed account. Typically used by organizations for verification purposes. Email Addresses Any email addresses associated with the information in a disclosed user account, typically used for signup or notifications. Gender Demographic information about the owner of the disclosed user account. Hashed Passwords Passwords for this disclosed account were hashed (using SHA-1, for example), so that the original passwords were obscured, but not salted, making them vulnerable to dictionary attacks. IP Addresses The network addresses that the owner of the disclosed account used to sign in to and access the compromised source. Known Languages Demographic information about the owner of the disclosed account. Name Typically the real-world name of the owner of the disclosed account. Password Hints Any text stored by the user to help them remember what their password might be. Passwords Passwords for this disclosed account were not stored in encrypted form. Personal Phone Numbers Contact information for the owner of the disclosed account. Physical Address Typically the mailing address of the owner of the disclosed user account. Physical Characteristics Arbitrary text typically used on social networking or dating sites. Race Demographic information about the owner of the disclosed account. Relationship Status Demographic information about the owner of the disclosed account. Salted Hashed Passwords Passwords for this disclosed account were hashed and a modifier used during hashing to make the stored password extremely difficult to guess. Security Questions User-supplied questions, and sometimes answers, for verification purposes. Sexual Orientation Demographic information about the owner of the disclosed account. Social Network Accounts Identifies on what other social network websites the owner of the disclosed account has additional accounts. User Photograph Typically an image of the owner of the disclosed account. Usernames Any user names associated with the information in a disclosed user account. Work Phone Number Contact information for the owner of the disclosed account. Identity Intelligence PreviewIdentity Intelligence is a premium product offering from the Cybersixgill product suite. A preview (of the aggregated data Identity Intelligence provides) is presented in the new Identity Intelligence preview card in the Exposed Credentials section of Rating Details.Identity Intelligence offers: Fast insight, with alerts about new credentials as they are discovered. Detailed information about credentials belonging to the organization that may have been compromised. More credentials than the standard Exposed Credentials data in most cases. Password policy filtering, email exclusions, and correlation with identity providers (IdP). Identification of repeatedly leaked credentials automatically. Available for your own organization through the Security Posture Management application.Only Admin and Group Admin can preview Identity Intelligence data. See permissions.Identity Intelligence TermsCompromised Credentials are the Identity Intelligence version of Exposed Credentials. Identity Intelligence continuously and automatically scours the underground for compromised and exposed credentials from various sources such as data dumps from known breaches, unattributed or anonymous leaks, underground chatter, stealer logs from private sources, and compromised credentials sold on log markets.Access for sale is an exclusive capability of Identity Intelligence that displays information on compromised devices, typically via stealer malware, that is available for purchase across underground markets. This data is based on the assets (domains and IPs) that are listed in an organization’s attack surface.Identity Intelligence DataThe Exposed Credentials risk vector and Identity Intelligence products use different data sources that are not yet integrated. Identity Intelligence metrics are not inclusive of Exposed Credential risk vector data.We may only use a sample subset of your organization’s domains to derive the Premium metrics in the card. In these cases, there might be more data than what is shown on the card. The card is for illustrative purposes only. Access for sale last year: Accounts with access for sale in the last 365 days from Identity Intelligence. This Identity Intelligence exclusive capability has no equivalent in Exposed Credentials, so it is always empty “-” in the Standard column. Detected in the last 7 days: Individual credentials across leak events in the last 7 days from Observation Date and Identity Intelligence equivalent. Detected in the last year: Individual credentials across leak events in the last 365 days from Observation Date and the Identity Intelligence equivalent. Premium numbers: Counted from the premium Identity Intelligence data source. Standard numbers: Counted from the standard Exposed Credentials risk vector data. March 25, 2026: Security Posture Management rebrand. September 10, 2025: Record count. April 11, 2025: CSV column names. March 25, 2025: Identity Intelligence Preview. January 14, 2024: Access clarifications. Related articles Exposed Credentials Risk Vector User Permissions How is the Exposed Credentials Risk Vector Observed? Rating Details Exposed Credentials API Endpoint Feedback 0 comments Please sign in to leave a comment.