>31Bn credential and user records
Validates the scale of normalized breach and credential data available for exposure review, enrichment, and identity-focused investigation.


Identity Exposure Intelligence
Breach and credential records become more useful when normalized into a structured intelligence source with cross-source pivots.
The leaked credentials capability preserves the current site's focus on more than 31 billion credential and user records enriched by cross-source correlations.
Validates the scale of normalized breach and credential data available for exposure review, enrichment, and identity-focused investigation.
Shows the correlation layer used to connect leaked records to identities, organizations, domains, infrastructure, and related context.
Connects credential exposure to broader internet intelligence, including dark web, infrastructure, and cross-source investigation pivots.
What it is
The leaked credentials capability turns breach data into a structured intelligence source for investigation and exposure management.
Data coverage
Workflow
Analyst use
Audience
Credential exposure intelligence correlated to organizations, identities, infrastructure, and other Dendrite sources.
Identify exposed accounts, prioritize credential risk, and connect breach records to organizational identity context.
Enrich alerts, suspicious logins, and account activity with credential exposure context and related investigation pivots.
Understand credential exposure at organizational scale and translate breach intelligence into risk, remediation, and reporting priorities.
Assess third-party credential exposure and related domains, identities, or infrastructure that may affect vendor and partner risk.
Features
Convert heterogeneous breach data into consistent records that can be searched, scored, correlated, and used in operational workflows.
Connect exposed identities to organizations, domains, and related context so teams can distinguish relevant risk from background noise.
Surface suspected token exposure and related metadata so analysts can evaluate account compromise and session abuse risk.
Link credential records to dark web, infrastructure, and other Dendrite sources to support deeper investigation paths.
Use cases
Find exposed accounts tied to specific domains, organizations, or identity patterns so teams can prioritize remediation.
Use exposure context to inform focused awareness, password hygiene, and account protection efforts for affected user groups.
Connect leaked credentials, identity context, and related infrastructure to assess phishing, impersonation, and account takeover risk.
Data flow
Leaked Credentials normalizes exposure data and connects it to organizations, identities, and infrastructure.
Leaked Credentials normalizes exposure data and connects it to organizations, identities, and infrastructure.
Input
Processing
Output
Delivery
Delivery options for Credentials: API, CLI, Unified Web Platform, Dataset export.
API
CLI
Platform
Dataset export
Related
Dark Web Intelligence
Active collection, characterization, and correlation of dark web services, users, communication hubs, and historical records.
Command & Control Intelligence
Perpetual enumeration, fingerprinting, and monitoring of C2 infrastructure connected to malware campaigns and threat actor activity.
Cryptocurrency Data Intelligence
Cryptocurrency data correlated to wallets, services, dark web activity, infrastructure, and investigation-ready entity context.
Collaborative Intelligence Workspace
A graphical workspace for exploring Dendrite and supported third-party data, coordinating investigations, and sharing intelligence.
Operationalize
Talk with Dendrite about access, delivery options, and the right starting point for your team.