Question: would a leaked credential monitoring service be worth it?

Started by Q-Feeds, November 11, 2025, 10:56:40 AM

November 11, 2025, 10:56:40 AM Last Edit: November 11, 2025, 11:00:58 AM by Q-Feeds Reason: improve formatting
On our roadmap one of the next major upgrades to our Threat Intelligence Portal would be to add a service where you can monitor on Leaked Credentials. The way the service would work is that a user submits their email addresses and we monitor f.e. the dark web for any leaks. This goes beyond the haveibeenpwned service since we will also include info stealer logs and the actual password hash + maybe partly show the password so you can easily verify the validity.

  • Would you be interested in such a service?
  • Are you already using a service like this?
  • What would be your desired features regarding this?
  • Would you be willing to pay for it? And if so, how much? (realistically)

Your Threat Intelligence Partner  qfeeds.com

Interest would be on place,

Personally I use haveibeenpwned or the native checkup implemented within the Bitwarden client, having it as part of the EASM would be great (this would be a good addition to the toolkit as such).

Quote: What would be your desired features regarding this?
Honestly if possible as well to show:
1. When it was leaked
2. Who did leak it
3. The reach, where it was spread, possible sites, forums etc. (I think this does go hand in hand with darknet?)
4. What was the reason for the leak, like type of attack
5. If you want to show the partial password, this needs to be taken in a careful, non-static manner (for example you decide to show the first 4 letters, but what if the password has only 4 letters? I know it's stupid but it's something to consider)
6. Possibility to obtain the data that was leaked, for example if it's publicly accessible to scrub it and show (could go good with 5.)

In regards to the matter of a paid tool, this would be extra as an addition to the subscriptions? Because I think it should be within the sub itself. Depending how good it will be plus and premium. Because there is haveibeenpwned which is free, so the price needs to reflect the value ;)

Regards,
S.

Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
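
The short-password edge case raised in point 5 of the post above, as an added example that is not part of the thread or of any Q-Feeds code. It puts the static "first 4 letters" rule beside a length-aware one; the function names, the 25% limit, the 3-character cap and the fixed display width are all assumptions chosen for illustration.

```python
MASK = "*"
DISPLAY_WIDTH = 12  # assumed constant width, so the preview does not reveal password length
MAX_REVEAL = 3      # assumed hard cap on characters shown in clear text
REVEAL_DIVISOR = 4  # assumed limit: never show more than a quarter of the password


def static_reveal_count(length, shown=4):
    """Static rule from the post: always show the first `shown` characters."""
    return min(shown, length)


def adaptive_reveal_count(length):
    """Length-aware rule: a quarter of the password (rounded down), capped."""
    return min(MAX_REVEAL, length // REVEAL_DIVISOR)


def static_preview(password, shown=4):
    """Preview under the static rule; the mask also mirrors the real length."""
    n = static_reveal_count(len(password), shown)
    return password[:n] + MASK * (len(password) - n)


def adaptive_preview(password):
    """Preview under the length-aware rule, padded to a fixed width."""
    n = adaptive_reveal_count(len(password))
    return password[:n] + MASK * (DISPLAY_WIDTH - n)


def disclosed_fraction(length, reveal_count):
    """Share of the password a preview exposes in clear text."""
    return reveal_count / length if length else 0.0


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for pw in ["abcd", "hunter2", "correct-horse-battery"]:
        s = static_reveal_count(len(pw))
        a = adaptive_reveal_count(len(pw))
        print(f"{len(pw):>2} chars  static={static_preview(pw)!r} "
              f"({disclosed_fraction(len(pw), s):.0%})  "
              f"adaptive={adaptive_preview(pw)!r} "
              f"({disclosed_fraction(len(pw), a):.0%})")
```
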

Thanks for your feedback, we'll take it with us in our planning. And of course safety first!
We're not sure yet on pricing, just asking. First we need to determine the value indeed, then we can make an estimate of our costs etc.

Your Threat Intelligence Partner  qfeeds.com

Knowing my e-mail addresses have been leaked is not interesting unless I always know the specific site from which it was leaked.

My working security assumptions are that the world already knows my name, address, phone number, e-mail addresses and probabilistically I am more likely to have been born on a particular one among my many dates of birth. haveibeenpwned confirms the e-mail aspect.

Therefore, if I know of the specific site of a new leak then I can change that password from abundant caution. Otherwise, I really do not care, my security being in heaps of entropy, 2FA where available, and tossing phishers into spam.

Thus, the marginal price I might pay would be zero without that feature of original loss site, little chance of more with it. Small businesses can lose data without anyone really noticing except your information turns up on the web, and losses from large businesses appear in the news.

That wasn't very promising, sorry. I would consider it if it were made available.
Deciso DEC697

Quote from: passeri on November 11, 2025, 10:38:07 PM: ... I always know the specific site from which it was leaked...

Some email providers allow the use of aliases in the form of site+user@domain.com: forumOPN+mikemyers@gmail.com

Coincidentally I have this evening (my time) received an alert from haveibeenpwned about an aggregated list from Synthient last April, in which list an email and password appear. Given that list gathers previous material the alert probably repeats previous rather than being new. In any case, without knowing the breach source there is really nothing to do if passwords are strong and never reused. Criminals are not going to expend centuries trying to brute-force long random strings and state actors would not be interested in me.

This is still in the vein of saying of course my e-mail is known, and in some cases they can see the lock (hashed password) but breaking it is another matter so why jump on hearing someone else knows my email and a singular lock? If it were to something critical then I will hear from the organisation and can act as a precaution, though all critical assets have 2FA anyway.

While other people may have a different view, I am not seeing credential monitoring as worth the investment unless it can tell me precisely on which site the breach occurred.

Edit to add: I am my own e-mail provider, and have for many years kept anything important out of e-mail unless the message itself has strong encryption.
Deciso DEC697