Monitor and detect data leaks

Detect sensitive data published on paste-sites and the dark web
Digital Risk Protection Leak detection

Group-IB Digital Risk Protection monitors a range of open and dark web sources to uncover code repositories and other private information belonging to your organization.

Why is it important?

$15 bln
records were lost update
for 2020
of companies feel they are
vulnerable of data breaches
of companies are not confident in
their data security posture

How Group-IB Digital Risk Protection works:

Group-IB Digital Risk Protection monitors a wide range of online resources to discover code repositories and other private information relevant to your organization.
Open-source code repositories
Hacker/dark web forums
Breach databases
Leaks detection
The platform uses machine learning and the specified criteria to detect violations related to data leaks automatically.
Credentials leaks
Code leaks
Sensitive data leaks
BIN card leaks

What can be detected:

Public leaks

Type of threat

There are specialized websites for exchanging contextual information (such as paste-bin and analogous resources). They can be used to upload raw data and anyone can link to them. Both legitimate IT specialists and hackers actively use such resources.

Detection procedures

Group-IB collects text data from such resources into its central repository and indexes all texts.

Among the collected texts, experts identify those that can potentially relate to leaks (e.g., lists of passwords, email addresses, hashes, tables, output from security scanners, configuration files for network equipment) and may be related to the client (e.g., domain names, BIN numbers, external IP addresses, the names of its internal systems).

Git leaks

Type of threat

Open-source repositories, such as GitHub, contain codes that anyone can search through. They are often used by threat actors planning attacks against specific companies or industries.

Detection procedures

Group-IB Threat Intelligence & Attribution searches through the open and exclusive code resources for domain names, BINs, external IP addresses, or the names of internal systems belonging to customers and partners. If information is found, the entire repository is downloaded for long-term storage. Inside such repositories, Group-IB searches for signs of sensitive information such as logins and passwords, API keys, and bank card data. When such signs are detected, we notify administrators and users in accordance with internal policy to mitigate and remediate threats.

Breached Data Bases

Type of threat

Many hacked databases are published on hacker forums. Such databases can contain different sets of data, including logins, passwords, contact and other personal information of users. Attackers use these databases to form lists of usernames and passwords for subsequent attacks, for example, brute force or credential stuffing. In addition, leaked data can be used to launch attacks targeting specific individuals, such as company executives or VIPs.

Detection procedures

Group-IB collects information from leaked databases and searches for records associated with customer and partner domains. Ever breach that is identified is linked to the database from which it was identified, and what additional information has leaked for this user.


Type of threat

This component of the platform alerts organizations based on information collected from closed online forums that are not directly accessible from the internet. Cybercriminal groups use such forums to gather information and conduct business. Initially, only data relevant to your organization is displayed.

Detection procedures

Group-IB analysts and automated systems collect and classify various types of information to warn customers and partners against emerging attacks and trends.

Contact us to get more information about leak
detection functionality