How is the Exposed Credentials Risk Vector Observed? Ingrid Exposed Credential findings are identified by aggregated breached site data. The data is collected from public sources. Email addresses belonging to a company are matched to the information in the breached site database. To preserve business confidence and trust, we do not test that exposed credentials (such as using a username and password that were disclosed from a breached site) are valid. February 8, 2021: Published. Related articles Exposed Credentials Risk Vector Exposed Credentials Data Botnet Infections Risk Vector TLS/SSL Finding Remediation & Remediation Verification 4th Party Risk: Products Feedback 0 comments Please sign in to leave a comment.