Exposed Credentials Data

View a company's Exposed Credentials data in the Rating Details page.

• In the Exposed Credentials section of the Rating Details page, select the Details button to see the data.
• Admin and Group Admin can download Exposed Credentials data for your My Company and My Subsidiary in the Security Performance Management application.

The Exposed Credentials data download is only available in the SPM app.

The details include:

Account

Available in the CSV download.

CSV column: account

Breached Site

The location where exposed data originated.

CSV column: breach_name

Description

Information about the breach event or record source, typically with links to the original source report where applicable.

Domains

The current domains of this company that are affected.

Exposure Date

The date when records were exposed.

CSV column: event_date

Observation Date

The date of observation by Bitsight.

CSV column: observation_date

Records

The total number of the company's exposed credential records. This count does include duplicate emails, if there was additional unique data that was available (e.g., distinct passwords) with full details available in Identity Intelligence.

Select View Details to view records per domain for

a single breach.

Record Count

The total number of times unique data (e.g., distinct passwords) was exposed in a breach, with full details available in Identity Intelligence.

CSV column: record_count

Disclosed Attributes

Types of sensitive details that are identified within compromised sources:

Date of Birth

Demographic information about the owner of the disclosed account. Typically used by organizations for verification purposes.

Email Addresses

Any email addresses associated with the information in a disclosed user account, typically used for signup or notifications.

Gender

Demographic information about the owner of the disclosed user account.

Hashed Passwords

Passwords for this disclosed account were hashed (using SHA-1, for example), so that the original passwords were obscured, but not salted, making them vulnerable to dictionary attacks.

IP Addresses

The network addresses that the owner of the disclosed account used to sign in to and access the compromised source.

Known Languages

Demographic information about the owner of the disclosed account.

Name

Typically the real-world name of the owner of the disclosed account.

Password Hints

Any text stored by the user to help them remember what their password might be.

Passwords

Passwords for this disclosed account were not stored in encrypted form.

Personal Phone Numbers

Contact information for the owner of the disclosed account.

Physical Address

Typically the mailing address of the owner of the disclosed user account.

Physical Characteristics

Arbitrary text typically used on social networking or dating sites.

Race

Demographic information about the owner of the disclosed account.

Relationship Status

Demographic information about the owner of the disclosed account.

Salted Hashed Passwords

Passwords for this disclosed account were hashed and a modifier used during hashing to make the stored password extremely difficult to guess.

Security Questions

User-supplied questions, and sometimes answers, for verification purposes.

Sexual Orientation

Demographic information about the owner of the disclosed account.

Social Network Accounts

Identifies on what other social network websites the owner of the disclosed account has additional accounts.

User Photograph

Typically an image of the owner of the disclosed account.

Usernames

Any user names associated with the information in a disclosed user account.

Work Phone Number

Contact information for the owner of the disclosed account.

Identity Intelligence Preview

Identity Intelligence is a premium product offering from the Cybersixgill product suite. A preview (of the aggregated data Identity Intelligence provides) is presented in the new Identity Intelligence preview card in the Exposed Credentials section of Rating Details.

Identity Intelligence offers:

• Fast insight, with alerts about new credentials as they are discovered.
• Detailed information about credentials belonging to the organization that may have been compromised.
• More credentials than the standard Exposed Credentials data in most cases.
• Password policy filtering, email exclusions, and correlation with identity providers (IdP).
• Identification of repeatedly leaked credentials automatically.

Identity Intelligence Terms

Compromised Credentials are the Identity Intelligence version of Exposed Credentials. Identity Intelligence continuously and automatically scours the underground for compromised and exposed credentials from various sources such as data dumps from known breaches, unattributed or anonymous leaks, underground chatter, stealer logs from private sources, and compromised credentials sold on log markets.

Access for sale is an exclusive capability of Identity Intelligence that displays information on compromised devices, typically via stealer malware, that is available for purchase across underground markets. This data is based on the assets (domains and IPs) that are listed in an organization’s attack surface.

Identity Intelligence Data

The Exposed Credentials risk vector and Identity Intelligence products use different data sources that are not yet integrated. Identity Intelligence metrics are not inclusive of Exposed Credential risk vector data.

• Access for sale last year: Accounts with access for sale in the last 365 days from Identity Intelligence. This Identity Intelligence exclusive capability has no equivalent in Exposed Credentials, so it is always empty “-” in the Standard column.
• Detected in the last 7 days: Individual credentials across leak events in the last 7 days from Observation Date and Identity Intelligence equivalent.
• Detected in the last year: Individual credentials across leak events in the last 365 days from Observation Date and the Identity Intelligence equivalent.
• Premium numbers: Counted from the premium Identity Intelligence data source.
• Standard numbers: Counted from the standard Exposed Credentials risk vector data.