Credential record data shown in a dark code editor.

Identity Exposure Intelligence

Leaked Credentials

Breach and credential records become more useful when normalized into a structured intelligence source with cross-source pivots.

>31BnCredential and user records
>625MCorrelated values
17.5kSuspected session token samples
>12MData points correlated to other Dendrite sources

The leaked credentials capability preserves the current site's focus on more than 31 billion credential and user records enriched by cross-source correlations.

>31Bn credential and user records

Validates the scale of normalized breach and credential data available for exposure review, enrichment, and identity-focused investigation.

>625M correlated values

Shows the correlation layer used to connect leaked records to identities, organizations, domains, infrastructure, and related context.

>12M data points correlated to other Dendrite sources

Connects credential exposure to broader internet intelligence, including dark web, infrastructure, and cross-source investigation pivots.

What it is

Identity Exposure Intelligence

The leaked credentials capability turns breach data into a structured intelligence source for investigation and exposure management.

Data coverage

What data it covers

Workflow

How it works

  1. Normalize breach records
  2. Correlate identities to organizations and infrastructure
  3. Score relevance and confidence
  4. Expose investigation-ready pivots

Analyst use

How teams use it

Audience

Built for Credentials users.

Credential exposure intelligence correlated to organizations, identities, infrastructure, and other Dendrite sources.

Identity security teams

Identify exposed accounts, prioritize credential risk, and connect breach records to organizational identity context.

SOC analysts

Enrich alerts, suspicious logins, and account activity with credential exposure context and related investigation pivots.

CISOs and risk leaders

Understand credential exposure at organizational scale and translate breach intelligence into risk, remediation, and reporting priorities.

Vendor risk teams

Assess third-party credential exposure and related domains, identities, or infrastructure that may affect vendor and partner risk.

Features

What the capability supports.

Breach record normalization

Convert heterogeneous breach data into consistent records that can be searched, scored, correlated, and used in operational workflows.

Identity-to-organization correlation

Connect exposed identities to organizations, domains, and related context so teams can distinguish relevant risk from background noise.

Session token exposure context

Surface suspected token exposure and related metadata so analysts can evaluate account compromise and session abuse risk.

Cross-source credential pivots

Link credential records to dark web, infrastructure, and other Dendrite sources to support deeper investigation paths.

Use cases

Operational paths for Credentials.

Identify exposed organizational accounts

Find exposed accounts tied to specific domains, organizations, or identity patterns so teams can prioritize remediation.

Support targeted security education

Use exposure context to inform focused awareness, password hygiene, and account protection efforts for affected user groups.

Investigate social engineering and identity risk

Connect leaked credentials, identity context, and related infrastructure to assess phishing, impersonation, and account takeover risk.

Data flow

Credential records to identity risk context

Leaked Credentials normalizes exposure data and connects it to organizations, identities, and infrastructure.

Leaked Credentials normalizes exposure data and connects it to organizations, identities, and infrastructure.

Input

Source data

  • Credential records
  • Identity graph records
  • Session token samples
  • Organization and domain exposure

Processing

Correlation path

  • Normalize
  • Correlate
  • Score
  • Pivot
  • Report

Output

Analyst workflow

  • Identify exposed organizational accounts
  • Support targeted security education
  • Investigate social engineering and identity risk

Delivery

Available where the workflow needs it.

Delivery options for Credentials: API, CLI, Unified Web Platform, Dataset export.

API

API

  • Query credential, identity, and exposure context programmatically
  • Enrich IAM, SOC, fraud, and case-management workflows
  • Automate pivots between domains, users, records, and Dendrite sources

CLI

CLI

  • Run targeted exposure lookups from analyst workstations
  • Pull credential context into repeatable investigation workflows
  • Support rapid checks during incident response or account review

Platform

Unified Web Platform

  • Explore credential exposure and identity relationships in graph workflows
  • Review affected organizations, domains, and related records
  • Coordinate remediation and investigation context across teams

Dataset export

Dataset export

  • Receive scoped credential and identity datasets for offline analysis
  • Support bulk exposure review, enrichment, and risk modeling
  • Preserve relevant credential context inside customer-controlled environments

Related

Connected capabilities

Operationalize

Put Credentials into the workflow.

Talk with Dendrite about access, delivery options, and the right starting point for your team.