[TeddyBear060]

Clever for sure. But I wonder how they can identify the leaked account even if they actively scan web / deep web. I mean it's not because Carlos Sanchez is for sale somewhere that it's my "insider".

[graystevens]

Creator here – There are a few ways we can detect a breach/leak using our Insiders.

1. The unique email address assigned to the Insider is contacted. We gather forensic evidence of the email along with any attachments. Useful to identify specific attacks against your users too.

2. An optional real mobile number assigned to your Insider is contacted. Again, we store all of the details, including the original SMS details or even call recordings.

3. Your Insider shows up on the Internet or dark web somewhere - we check a number of common sources for dumps, such as Pastebin for any references to the Insider. We currently keep a copy of the contents of the paste, as the original details could be removed at any time. However, we are working on better captures (full page screenshots, entire copy of the DOM etc.)

We are working a few more detection methods too, which we shall reveal soon...

[JimDabell]

Any plans to work with credit bureaus? I just mentioned last week[0] that credit checks against canary records could be an effective way to combat identity theft.

[0] https://twitter.com/JimDabell/status/935433996787384320

[graystevens]

Would love to – We have quite a few cool features and interesting link ups that we would love to do, and this is certainly one of them.

[TeddyBear060]

It sounds great. Thank you for the explanation.

[code_duck]

The match would be if there's a Carlos Sanchez combined with a specific email or phone number.

[TeddyBear060]

I see. Thanks.