Views:

Learn more about how Cyber Risk Exposure Management monitors for your organization's data leaked on the dark web.

Cyber criminals phish users and exploit vulnerabilities in websites, databases, networks, and web apps to gain access to confidential data, such as user credentials. This information is then often traded or sold on underground online platforms, commonly known as the dark web.
Trend Micro specialists constantly monitor the internet, particularly the dark web, for leaked data. Once such data is identified, it is validated and ingested into Cyber Risk Exposure Management. When you register a domain in Trend Vision One, a scan is performed to verify whether the domain user data has been compromised by a leak—with historical data back to 2010. Afterward, Cyber Risk Exposure Management performs additional scans on a weekly basis.
In Operations Dashboard, data leaks are represented by the Leaked Account Identification risk event. The following items can be listed in the compromisedFields field, which indicates the types of data compromised in the leak:
Data type
Description
name
Name
surname
Surname
fullname
Full name
dob
Date of birth
ssn
Social Security Number (US), or Número de Afiliación de Seguridad Social or Número de Usuario de Seguridad Social (Spain)
nid
National Identification Number (Europe)
sin
Social Insurance Number (Canada)
passport
Passport number
tax_id
Tax identification number
driving_license
Driver's license number
address
Full address
city
City of the address
state
State of the address
zip
Zip code of the address
country
Country of the address
phone
Telephone number
telephone
Telephone number
email
Email address
username
Username
password
Password
insurance_provider
Insurance provider
insurance_account
Insurance account number
medical_info
Medical insurance account number
bank_account
Bank account number
iban
International bank account number
credit_card
Credit card number
mother_name
Mother's maiden name
domain
Email domain
company
Company name
Tip
Tip
  • If leaked data types include email, username or password, assess whether there was additional damage by checking for account compromise risks, such as password guessing or impossible travel, around the date of the leak.
  • Trend Micro recommends that you reset the password of all accounts compromised by a leak, as well as the password of any other accounts that use the same password.