Constella Intelligence

Turning Dark Web Chaos into Scalable Identity Intelligence

Why Curated Dark Web Identity Data Is Critical for CTI and OSINT Platform Success

For platforms that serve cyber threat intelligence (CTI) and open-source intelligence (OSINT) professionals – such as link analysis tools, identity verification platforms, or investigative search engines – providing reliable dark web and breach data as part of your offering is a major value driver.

But collecting, cleaning, and operationalizing identity data from the deep and dark web is anything but straightforward.

If you want to provide users with high-confidence signals on identity compromise, persona development, or infrastructure mapping, you face serious challenges behind the scenes:

  • Navigating underground sources compliantly in line with U.S. Department of Justice (DOJ) guidelines
  • Securing data from malware-laced and offensive content dumps
  • Decoding inconsistent schemas and deduplicating massive data volumes
  • Maintaining a scalable, validated ingestion pipeline that stays current as the threat landscape evolves

Managing this in-house is resource-intensive and risky – distracting your team from building the user-facing features and analytics your customers actually want.

Why Building an Internal Dark Web Collection Pipeline Rarely Pays Off

The operational, legal, and technical hurdles of sourcing and sanitizing dark web data are substantial:

  • Forums shut down or migrate regularly, requiring constant source maintenance
  • Many breach dumps include malware, booby-trapped files, or illicit content requiring extreme operational security measures
  • Data formats vary widely, from SQL dumps to JSON logs to infostealer artifacts
  • Legal gray areas exist around data acquisition and distribution without proper protocols

Without deep domain expertise, even well-funded platform teams risk introducing compliance liabilities or unscalable ingestion bottlenecks. That’s why many leaders are turning to trusted third-party providers who specialize in curated, compliant identity breach and exposure signals.

The Right Data Partner Helps You Solve Real Business Problems

By sourcing identity signals through a specialized provider, your platform can immediately power high-value use cases for your customers:

Identity Attribute Corroboration

Confirm that identity attributes (email, username, phone number) are legitimate or compromised by validating against structured breach data.

  • Improve investigative confidence for OSINT users
  • Enhance identity verification and fraud prevention workflows

Identity Compromise Detection

Identify exposed credentials and compromised accounts in real time – especially from infostealer logs and emerging breach leaks.

  • Enable alerting, risk scoring, or step-up authentication triggers for downstream users

Identity Risk Scoring

Score identities based on breach history, exposure recency, and dark web associations.

  • Feed enriched risk indicators into fraud platforms, identity verification engines, or analyst dashboards

By integrating normalized identity breach signals into your platform, you empower your customers to make faster, more confident decisions—without burdening your own team with risky or resource-draining backend operations.

Why Data Quality, Compliance, and Curation Matter

Not all breach or dark web data is created equal.

If your platform relies on raw breach dumps or unvetted infostealer collections, you risk:

Choosing a data source that emphasizes compliance, curation, and structured enrichment ensures your platform can deliver trusted intelligence at scale – and keeps your team focused on feature innovation, not dark web plumbing.

Closing Thought: Power Your Platform with Ready-to-Use Identity Signals

Your users rely on your platform to surface timely, actionable intelligence – not spend days sorting through messy breach dumps.

By integrating curated, compliant identity signals sourced from the deep and dark web, you help your customers uncover compromise, corroborate identities, and assess risk – at the speed and scale they expect.

Constella Intelligence offers the world’s largest structured identity data lake, covering breach exposures, infostealer logs, and underground forum activity. Our Threat Intelligence Identity Signals API is purpose-built for platform integration, so you can deliver identity-centric OSINT without the collection and curation burden.

Turn dark web chaos into actionable intelligence for your platform. See how Constella’s Threat Intelligence Identity Signals API delivers the curated, scalable signals you need—without the operational burden.


MailChimp Under Attack: How Cybercriminals Are Exploiting Email Marketing Platforms

At Constella, we’ve spent years analyzing how cybercriminals execute attacks that affect organizations of all sizes, whether they’re startups, local businesses, or global enterprises. One of the most revealing recent cases involves the abuse of email marketing platforms like MailChimp, whose accounts are being compromised through account takeover (ATO), phishing, and social engineering tactics. These attacks are not only persistent; they’re scaling globally and affecting multiple sectors with serious consequences.

What Makes an Email Marketing Platform Like MailChimp an Ideal Target?

MailChimp has long been a critical communication tool for marketing teams, tech newsletters, and even cybersecurity organizations. Access to a MailChimp account typically gives attackers:

  • Full lists of subscribers and contact information
  • The ability to send mass emails from a trusted source
  • The potential to impersonate trusted brands and individuals
  • Intelligence on marketing or internal communication strategies

Even with multi-factor authentication (MFA), many of these accounts are being accessed by bypassing traditional login processes.

How? Through the use of stolen session cookies. Infostealers, malware families designed to extract stored credentials, browser cookies, and app data, are a common threat vector. Once cookies are exfiltrated, attackers can bypass login flows entirely, rendering MFA useless.

Thousands of Fresh Infections in the Last Few Days

In just the last few days, Constella has detected over 1.2K newly infected devices that contained MailChimp credentials. These are not historical records; they are fresh, net-new infections, actively putting sensitive accounts at risk.

What’s more, this data highlights a worrying trend: attackers are increasingly targeting corporate environments, not just personal users. Many of the domains associated with these infections belong to legitimate businesses across multiple sectors and geographies.

Global Spread: Countries Most Affected

A recent analysis of infections paints a clear picture of the global nature of this threat. The following countries are seeing the highest rates of MailChimp-related compromises in the past month:

  • Mexico (13.46%)
  • Australia (8.65%)
  • Colombia (8.65%)
  • Brazil (5.77%)
  • France (5.77%)
  • India (4.81%)

These infections are not just hitting random individuals; they’re breaching the digital walls of corporations, nonprofits, and educational institutions alike.

Targeted Sectors: Who’s Being Hit?

By filtering recent infostealer logs, we’ve identified the following sectors as among the most impacted by this type of threat:

Education

Educational institutions continue to be attractive targets due to legacy systems and limited cybersecurity resources. These platforms often support large-scale virtual learning environments, which exposes entry points for attackers.

Marketing & Digital Media

Companies offering marketing and digital solutions are high-value targets due to the client data they process. These organizations often operate in highly connected ecosystems, making lateral movement easier for attackers once inside.

Technology & IT Services

Tech companies, including software developers and IT solution providers, also featured heavily. This sector represents both a high-risk and high-reward category for threat actors due to their access to other clients’ systems.

Retail & eCommerce

Retailers, especially smaller or niche e-commerce shops, often lack robust security teams, making them soft targets for credential harvesting and carding operations.

Healthcare & Industrial Automation

These organizations are attractive targets not just because of their mailing lists, but because of the trust associated with their brand identity. When an attacker sends an email from a legitimate MailChimp account tied to one of these domains, recipients are far more likely to open and engage with it.

Cookie Theft and MFA Bypass: A Silent Killer

Even when organizations implement MFA on their services (which, notably, isn’t universally enforced by organizations themselves), attackers are finding ways in. One of the more alarming methods involves stealing authentication cookies through infostealers such as RedLine, Raccoon, or Lumma.

These cookies are then used to impersonate a logged-in session—allowing full access to accounts without ever needing to enter a password or second factor. It’s stealthy, effective, and often undetected until damage is done.
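
A defender-side check for the cookie replay described above, as an added example (not Constella's code and not part of the original article): it binds each session to the network and user agent seen at MFA login and flags later use of the same session ID from a different client. The log format, the event names (`login_mfa_ok`, `export_audience`), the /24 and /48 grouping and the severity rule are assumptions, and the log lines are constructed.

```python
"""Flag reuse of a session ID from a second client (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample events in a hypothetical format:
# timestamp|session id|user|source IP|event|user agent
SAMPLE_LOG = """\
2025-05-02T09:00:11Z|s-7f3a|alice@example.com|198.51.100.24|login_mfa_ok|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0
2025-05-02T09:04:52Z|s-7f3a|alice@example.com|198.51.100.24|request|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0
2025-05-02T09:20:03Z|s-7f3a|alice@example.com|198.51.100.77|request|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0
2025-05-02T11:41:30Z|s-7f3a|alice@example.com|203.0.113.9|request|Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0
2025-05-02T11:42:02Z|s-7f3a|alice@example.com|203.0.113.9|export_audience|Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0
2025-05-02T10:15:00Z|s-91bc|bob@example.com|192.0.2.15|login_mfa_ok|Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Safari/605.1.15
2025-05-02T10:30:00Z|s-91bc|bob@example.com|198.51.100.200|request|Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Safari/605.1.15
this line is malformed and must be skipped
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    session: str
    user: str
    ip: str
    action: str
    user_agent: str


def parse_line(line):
    """Return an Event, or None when the line does not match the assumed format."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6:
        return None
    ts, session, user, ip, action, user_agent = parts
    try:
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    return Event(when, session, user, ip, action, user_agent)


def network_of(ip):
    """Group addresses by /24 (IPv4) or /48 (IPv6) so DHCP churn is not flagged."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_session_reuse(log_text):
    """Return one finding per (session, new client fingerprint)."""
    events = sorted(filter(None, map(parse_line, log_text.splitlines())),
                    key=lambda e: e.ts)
    baseline = {}   # session id -> (network, user agent) bound at MFA login
    findings = {}   # (session id, network, user agent) -> finding
    for ev in events:
        fingerprint = (network_of(ev.ip), ev.user_agent)
        # A fresh MFA login (or the first sighting of a session) sets the baseline.
        if ev.action == "login_mfa_ok" or ev.session not in baseline:
            baseline[ev.session] = fingerprint
            continue
        base_net, base_ua = baseline[ev.session]
        reasons = []
        if fingerprint[0] != base_net:
            reasons.append("network_changed")
        if fingerprint[1] != base_ua:
            reasons.append("user_agent_changed")
        if not reasons:
            continue
        # A replayed cookie arrives without any login event, typically from a
        # different network AND a different browser: treat that pair as high.
        finding = findings.setdefault((ev.session, *fingerprint), {
            "session": ev.session,
            "user": ev.user,
            "ip": ev.ip,
            "first_seen": ev.ts.isoformat(),
            "reasons": reasons,
            "severity": "high" if len(reasons) == 2 else "low",
            "actions": [],
        })
        finding["actions"].append(ev.action)
    return list(findings.values())


if __name__ == "__main__":
    for f in find_session_reuse(SAMPLE_LOG):
        print(f["severity"], f["session"], f["user"], f["ip"], f["reasons"], f["actions"])
```

A high-severity finding is a candidate for revoking the session server-side and forcing re-authentication, since changing the password alone does not invalidate a cookie that is already issued.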

Constella’s Commitment

At Constella, we continuously monitor infostealer data and exposed corporate credentials in real time. Our goal is to help businesses understand not only whether their data is exposed, but also what kind of attacks can originate from that exposure.

If your organization uses MailChimp, or if you suspect credentials may have been compromised in the past month, it’s time to take action. The threat is real, active, and spreading fast.

Want to know if your domain is affected? Reach out to our threat intelligence team; we’re here to help.

The MSSP Advantage: Elevating Executive Digital Risk Protection in 2025

For Managed Security Service Providers (MSSPs), cybersecurity isn’t just about protecting networks and endpoints anymore. As businesses become more digitally connected, security threats are shifting beyond the enterprise perimeter – targeting the people at the top.

Executives, board members, and other high-profile leaders are increasingly at risk of phishing attacks, impersonation scams, and dark web exposure. Cybercriminals know that an executive’s email account, credentials, or digital identity can be the key to accessing sensitive corporate data, financial transactions, or even brand reputation.

This shift presents a huge opportunity for MSSPs. By offering executive digital risk protection, MSSPs can help clients proactively manage digital risks beyond the firewall – strengthening security postures while creating a high-value, differentiated service.

Executive Digital Risk Protection: Smart Move for MSSPs

Executive Cyber Risks Go Beyond Traditional Security Tools

Most companies already have endpoint detection, firewalls, and email security solutions in place. But even with these protections, executives are still vulnerable because:

  • Their personal information is widely available online, making them easy targets for phishing and social engineering.
  • Cybercriminals buy and sell leaked executive credentials on the dark web, giving them a direct way into corporate networks.
  • Fake LinkedIn or Twitter profiles can impersonate executives, tricking employees, customers, or investors into engaging with a fraudulent identity.

Unlike a typical cyberattack, these threats don’t trigger alerts in a SIEM or firewall—they happen outside the company’s infrastructure, making them harder to detect. That’s where MSSPs can step in.

Proactive Threat Monitoring Adds Real Value for Clients

Executive digital protection is all about getting ahead of risks before they turn into full-blown security incidents. MSSPs can provide a critical service by monitoring:

  • Dark web forums and marketplaces for leaked executive credentials.
  • Social media platforms for fake accounts or impersonation attempts.
  • Online mentions of executives in connection to cyber threats, fraud, or brand risks.

How Constella Hunter+ Empowers MSSPs

To offer scalable and effective executive protection, MSSPs need a powerful digital risk monitoring solution that provides real-time intelligence across multiple threat vectors.

Constella Hunter+ is a digital risk protection platform designed to give MSSPs:
✔ Comprehensive coverage of the surface, deep, and dark web to detect executive threats early.
✔ Automated alerts for leaked credentials, impersonation attempts, and emerging risks.
✔ Seamless integration with SOC operations, enabling MSSPs to provide continuous, proactive monitoring without adding operational burden.

By leveraging Hunter+, MSSPs can deliver actionable intelligence, helping clients address threats before they escalate – enhancing security postures while strengthening client trust.

Digital Risk Protection is a Differentiator in a Crowded Market

In the MSSP space, competition is fierce. Many providers offer the same core services – SOC monitoring, endpoint security, phishing protection. But executive digital protection is still an emerging area, meaning MSSPs that move fast can stand out from the competition.

  • It’s a high-value, low-touch service. With the right automated intelligence tools, MSSPs can monitor executive threats without adding major overhead to security teams.
  • It strengthens client relationships. Offering proactive security tailored to executives helps build trust and long-term partnerships.
  • It creates new revenue streams. Many organizations are willing to invest more in security for their leadership teams – MSSPs can package digital risk protection into premium service tiers.

In short, this isn’t just another security add-on – it’s a strategic offering that aligns with how businesses think about risk.

How MSSPs Can Implement Executive Digital Risk Protection

For MSSPs looking to get started, here’s a practical approach to rolling out executive-focused security services.

Step 1: Assess Digital Exposure

The first step is understanding what’s already out there. MSSPs can help clients conduct an executive risk assessment looking at:

  • Publicly available executive information (home addresses, emails, phone numbers).
  • Exposed credentials from past data breaches.
  • Fake or unauthorized executive social media profiles.

Step 2: Set Up Real-Time Monitoring

Using automated intelligence tools, MSSPs can track:

  • Dark web activity related to executives.
  • Social media and domain impersonations attempting fraud or scams.
  • Mentions of executives on cybercrime forums or threat intelligence feeds.

Step 3: Guide Clients on Reducing Their Digital Footprint

MSSPs can advise executives and security teams on steps to minimize risk, such as:

  • Removing personal data from public databases.
  • Strengthening security settings on personal and corporate accounts.
  • Training leadership teams to recognize impersonation and phishing tactics.

Step 4: Align with Corporate Security Teams

Digital risk protection works best when integrated into the broader security strategy. MSSPs should:

  • Work with CISOs and IT leaders to ensure executive security aligns with overall risk management.
  • Incorporate executive monitoring into existing security reports.
  • Help create incident response plans for executive-specific threats.

By taking a structured, proactive approach, MSSPs can deliver executive digital protection in a way that scales and provides long-term value.

Why Now is the Right Time for MSSPs to Act

The cybersecurity industry is shifting from reactive to proactive security. Clients aren’t just looking for firewalls and endpoint protection anymore – they want intelligence-driven security that helps them stay ahead of emerging threats.

Offering executive digital protection isn’t just a smart business move – it’s a natural evolution of the MSSP role.

Next Steps for MSSPs:

✔ Start with an executive risk assessment – understand the vulnerabilities your clients face.
✔ Identify the right digital risk intelligence tools to integrate into your SOC or managed security platform.
✔ Position executive protection as a premium, proactive security service.

Security teams are looking for trusted partners who offer more than just traditional cybersecurity. MSSPs that lead the way in executive digital protection will set themselves apart, strengthen client relationships, and build new revenue opportunities in a rapidly evolving threat landscape.

The Digital Executive: How to Protect Your Personal and Professional Digital Footprint

Executives today operate in an increasingly connected world, where their digital presence is often as visible as their professional reputation. From corporate bios and media interviews to personal social media activity, an executive’s digital footprint is extensive – and, if left unprotected, a cyber and physical security risk.

Recent high-profile incidents, including the tragic killing of UnitedHealth executive Brian Thompson and the Sony Pictures cyberattack, have underscored the real-world consequences of digital exposure. Cybercriminals, bad actors, and even disgruntled employees can exploit personal and professional information to launch phishing attacks, impersonation scams, and even physical threats.

To stay ahead of these risks, executives need proactive strategies to minimize their online exposure, strengthen their digital security, and protect both their personal safety and corporate reputation.

What is an Executive’s Digital Footprint?

An executive’s digital footprint includes all personal and professional information that can be found online, including:

  • Personal data such as home addresses, family members & details, financial records, and phone numbers found through data brokers or public records.
  • Corporate presence, including biographies on company websites, conference speaker listings, media appearances, and LinkedIn profiles.
  • Leaked or stolen personal information or credentials from personal and corporate email accounts that have been exposed in past data breaches.
  • Social media activity that reveals locations, travel patterns, and professional associations.

This information is an invaluable asset to any criminal, not only cybercriminals, who can use it for targeted attacks, impersonation, and even real-world threats.

Why an Unprotected Digital Footprint is a Security Risk

  • Cyber Threats: Phishing and Credential Exploits

Executives are prime targets for impersonation, phishing scams and credential attacks. If an attacker gains access to an executive’s email, they can impersonate them to authorize fraudulent transactions, leak sensitive corporate data, or gain deeper access to company systems.

Real-World Example: The New York Times Cyberattack
In 2013, hackers infiltrated The New York Times after the newspaper published an article about China’s Prime Minister. The attackers gained access to reporters' emails and confidential internal documents, demonstrating how high-profile individuals are often targeted by cyber espionage.

  • Physical Security Risks: Stalking and Doxxing

A digital footprint isn’t just a cyber risk—it can become a physical security threat. If an executive’s home address, travel schedule, or personal details are exposed online, they and their families become vulnerable to harassment, stalking, or worse.

Real-World Example: The Murder of UnitedHealth Executive Brian Thompson
Brian Thompson, an executive at UnitedHealth Group, was tragically shot in what law enforcement described as a targeted attack. While the full details remain under investigation, the incident has heightened concerns around executive security, particularly for those whose personal details are publicly accessible.

  • Reputation and Brand Damage

Executives are the public face of their organizations. If they become the target of a cyberattack, the fallout can extend far beyond personal risk – it can impact corporate reputation, stock prices, and public trust.

Real-World Example: The Sony Pictures Cyberattack
In 2014, hackers breached Sony Pictures Entertainment, leaking confidential executive emails, employee records, and unreleased films. The attack caused severe reputational damage, disrupted operations, and led to millions in financial losses.

Executives should view digital footprint protection as part of corporate risk management, not just personal cybersecurity.

How Executives Can Protect Their Digital Footprint

Reduce Publicly Available Information

  • Remove all personal information found on both public and dark web sources.
  • Continually monitor and adjust social media privacy settings to minimize or remove any exposures.
  • Avoid posting travel plans, family photos, or location updates online.

Monitor for Digital Threats in Real Time

  • Use threat intelligence tools to track online chatter about executives.
  • Monitor dark web forums for leaked credentials and impersonation attempts.
  • Set up real-time alerts for mentions of executive names in hacker communities.

Strengthen Password and Authentication Security

  • Use unique, complex passwords for all accounts.
  • Enable multi-factor authentication (MFA) on email, financial, and business accounts.
  • Conduct regular security audits to check for leaked credentials.

Train Executives on Digital Security Risks

  • Provide social engineering awareness training to help executives spot phishing attempts.
  • Educate leadership teams on deepfake threats and impersonation scams.
  • Develop incident response protocols for personal cybersecurity breaches.

Align Digital and Physical Security Measures

  • Work with corporate security teams to integrate cyber threat intelligence with physical protection plans.
  • Implement travel security protocols for executives visiting high-risk locations.
  • Use secure communication channels instead of personal messaging apps or unencrypted emails.

Path Forward: Solutions for Strengthening Executive Digital Protection

While proactive steps like removing personal data, improving password security, and limiting social media exposure can reduce risk, a truly effective executive protection strategy requires real-time digital threat monitoring.

Constella’s Hunter+ is a digital risk protection platform that provides unmatched visibility into executives’ external digital footprints, detecting threats before they escalate.

Key Features of Hunter+:

  • Continuous Monitoring across the surface, deep, and dark web for executive credentials, exposed identities, and impersonations.
  • Proactive Alerts for risks like network breaches, account takeovers, and leaked executive data.
  • Comprehensive Awareness through an all-in-one risk dashboard covering social media, dark web forums, and exposed personal data.
  • Operationalized Protection that integrates with existing SOC and response workflows, accelerating mitigation efforts.

By continuously monitoring for external digital threats, Hunter+ empowers organizations to:

  • Mitigate risks before they become attacks.
  • Enhance security teams’ efficiency through automated monitoring.
  • Protect executives and their families from cyber and physical threats.

A Secure Executive is a Resilient Executive

The modern executive is a high-value target for cybercriminals, activists, and corporate adversaries. Protecting an executive’s digital footprint is not just a personal concern – it’s a business imperative.

By taking proactive steps to minimize digital exposure, monitor threats in real-time, and integrate digital security with physical protection, companies can reduce risks, protect corporate leaders, and safeguard their business reputation.

Want to assess your executive team’s digital exposure? Download our free executive risk checklist today and learn how Constella Hunter+ can help strengthen your security posture.


How Ransomware Attacks Dismantled a 150-Year-Old Company: The Knights of Old Case

In today’s digital age, ransomware attacks have escalated to unprecedented levels, threatening businesses of all sizes and industries. The attack on the British logistics firm Knights of Old Group (KNP Logistics) in 2023 is a grim reminder of how devastating these attacks can be. Once a thriving company with a 150-year legacy, Knights of Old was forced to cease operations due to a crippling ransomware attack, displacing over 700 employees and ending decades of business continuity.

The Fall of Knights of Old: A Timeline of Devastation

According to The Times, the attack on Knights of Old began on June 26, 2023, when threat actors infiltrated the company’s network. The attackers, leveraging stolen credentials, gained access to sensitive systems and deployed Akira ransomware. Their message, later posted online, highlighted their intention to publish the company’s corporate and customer data, further intensifying the pressure through double extortion tactics.

The attackers mocked the company, stating: “Delivering freight when you’re a knight is not as convenient. Perhaps Knight’s honor prevented them from contacting us to discuss the data we got from their network. We will share their corporate information here. There is also a database with customers’ data. Everything will be uploaded soon.”

Despite adhering to international data security standards and having cyber insurance, Knights of Old could not recover from the operational and reputational damage inflicted by the attack. By September 2023, the company had ceased operations entirely, marking a significant loss for the logistics industry.

The Rising Tide of Ransomware Attacks

The plight of Knights of Old is not an isolated incident. Ransomware attacks have surged globally, with a staggering 105% increase in incidents reported between 2022 and 2023, according to cybersecurity firm Sophos. Threat actors are becoming more organized, often using data harvested by infostealers to craft highly targeted attacks.

Infostealers, such as RedLine and Raccoon, have become critical tools in the ransomware supply chain. These malicious programs harvest login credentials, system information, and other sensitive data from compromised devices. This data is then sold on underground forums, providing ransomware gangs with the resources needed to infiltrate corporate networks.

A Growing List of High-Profile Victims

  1. Colonial Pipeline (2021): Stolen VPN credentials allowed attackers to deploy ransomware, causing fuel shortages across the U.S.
  2. CWT Global (2020): Attackers leveraged credentials from an infostealer to demand a $4.5 million ransom, later negotiated to $4.2 million.
  3. Nvidia (2022): While primarily a data breach, the attackers used stolen data to threaten ransomware deployment.

The increasing collaboration between infostealer developers and ransomware operators highlights the importance of understanding the interconnected nature of these threats.

Lessons Learned from Knights of Old

The tragic downfall of Knights of Old underscores several critical lessons for businesses aiming to protect themselves from similar fates:

  1. Invest in Proactive Security Measures: Advanced endpoint protection, continuous network monitoring, and robust incident response plans are essential.
  2. Implement Multi-Factor Authentication (MFA): This can prevent attackers from using stolen credentials to access sensitive systems.
  3. Conduct Regular Employee Training: Phishing remains a leading entry point for infostealers. Educating employees on recognizing and reporting suspicious activity is crucial.
  4. Leverage Threat Intelligence: Monitoring the dark web for compromised credentials can provide early warning signs of potential attacks.
  5. Backup Critical Data: Secure and offline backups ensure data recovery even if ransomware encryption occurs.

The Broader Implications of Ransomware’s Rise

The closure of Knights of Old is a stark example of how ransomware can dismantle even well-established organizations. As The Times article highlights, the global economy’s reliance on digital infrastructure has made businesses increasingly vulnerable to these attacks. With ransomware incidents growing in frequency and sophistication, no organization is immune.

Cybersecurity experts warn that the intertwining of infostealers and ransomware marks a new era of cybercrime. By selling harvested data to the highest bidder, infostealer operators fuel a cycle of exploitation that culminates in devastating ransomware attacks.

Conclusion

The fall of Knights of Old serves as a powerful reminder of the stakes involved in today’s cybersecurity landscape. Organizations must prioritize comprehensive defense strategies, recognizing that the cost of inaction is far greater than the investment in proactive measures.

Ransomware is not just an IT problem—it’s a business continuity crisis. By learning from incidents like Knights of Old, businesses can better prepare for the challenges ahead, ensuring their resilience in an increasingly hostile digital world.

For more insights into the evolving threat landscape, explore our detailed analyses on Constella.ai.

The Expanding Threat of Financial Hacks: Beyond Financial Accounts

While many associate financial hacks with stolen funds, recent incidents reveal a more complex landscape. Cybercriminals are increasingly targeting confidential employee information, which can lead to tailored phishing attacks, extortion, reputational harm, and internal disruptions within financial institutions. This blog continues our previous exploration of cybersecurity challenges in the banking and financial sector, focusing on recent breaches highlighting evolving threats to employees and customers.

The exposure of employee data—such as organizational roles, personal contact details, and work-related credentials—has become a lucrative asset for threat actors. This information enables attackers to craft convincing phishing campaigns, impersonate executives, and infiltrate critical systems. Beyond immediate financial risks, these breaches subject employees to extortion attempts, psychological distress, and potential damage to their professional reputations. Such scenarios not only harm individuals but also undermine trust in the organization as a whole.

For customers, the risks extend far beyond compromised accounts. Even when financial details remain secure, leaked personal information such as addresses, phone numbers, or account identifiers can enable identity theft and scams. Attackers often exploit this data to impersonate individuals, apply for loans, or facilitate broader fraud.

As these breaches grow in scale and sophistication, financial institutions face mounting pressure to safeguard not just customer accounts but the broader ecosystem of sensitive data. This analysis delves into recent breaches to shed light on these pressing issues and the proactive measures required to mitigate their impact.

Recent Financial Hacks & Breaches Analyzed by Constella Intelligence

1. VTB Bank – Customer Database Breach

A post on an underground forum claims to offer data allegedly linked to VTB Bank in Russia, including over 1.9 million unique email addresses. The exposed data includes personal identifiers critical for launching identity theft or phishing attacks. Given the breadth of data compromised, customers and employees alike are at risk of targeted fraud and scams.

Exposed Fields:

  • Names
  • Emails
  • Phone numbers
  • Physical addresses
  • Dates of birth

2. Izipay – Customer Data Breach

Izipay, a major payment processor in Peru, appears to have been impacted by a breach exposing 1.8 million unique email addresses. The compromised information encompasses extensive details about merchants, making this breach highly impactful. The data exposed is ripe for targeted attacks, including fraud schemes, impersonation, and extortion.

Exposed Fields:

  • Customer codes
  • Account information
  • Company names
  • Operational details
  • Email addresses
  • Phone numbers
  • Regional identifiers
  • Transaction data
  • Administrative records

3. Interbank – Customer Database Breach

A user on a dark web platform has shared a post alleging that Peru’s Interbank was affected by a breach exposing over 1.7 million unique email addresses. The compromised information includes sensitive personal and account-related data, which attackers could exploit to defraud customers or execute targeted phishing campaigns.

Exposed Fields:

  • Full names
  • Account IDs / National IDs
  • Birth dates
  • Addresses
  • Phone numbers
  • Email addresses
  • IP addresses
  • Credit card information

4. Bank of America – Employee Directory Breach

In the United States, Bank of America reportedly experienced a breach tied to the MOVEit vulnerability, compromising more than 280k unique emails. The breach exposed extensive employee directory information, making it a prime target for attackers seeking to craft social engineering schemes. The detailed organizational data presents significant risks, including impersonation of high-ranking officials and exploitation of internal processes for financial gain.

Exposed Fields:

  • Employee codes
  • Login IDs
  • Full names
  • Email addresses
  • Phone numbers
  • Job titles
  • Detailed organizational information

5. PrivatBank – Customer Data Leak

Data sets allegedly tied to Ukraine’s PrivatBank, including over 400 unique emails and 237 million records, are being offered for sale online. While the number of email addresses found was low, the leak’s volume and the type of data—personal identifiers like passports and full names—pose a severe risk. Cybercriminals can use this information for identity theft, document forgery, or large-scale fraudulent activities.

Exposed Fields:

  • Login IDs & Emails
  • Full names
  • Phone numbers
  • Passport information

Conclusion

These breaches illustrate the growing sophistication of cyber threats targeting financial institutions. While direct financial theft remains a concern, the exposure of employee and customer data introduces new risks, including identity theft, extortion, and reputational damage. Addressing these challenges requires proactive and comprehensive cybersecurity measures.

Managing Risks: Executive Protection in the Digital Age

The recent incident involving the United Healthcare CEO has sparked critical conversations in corporate boardrooms about the evolving threat landscape and the importance of robust security measures centered around executive protection. The incident has illuminated a stark and unsettling reality: the threat landscape for senior executives is evolving in ways that demand immediate attention and action. As companies scramble to reassess their security measures, it is imperative to consider the physical and digital vulnerabilities that executives face.

A Holistic Approach to Executive Protection

Executives today operate in an interconnected world where the lines between their professional and personal lives are increasingly blurred. The NYPD’s intelligence report labeling Thompson’s killing as a “symbolic takedown” underscores how online rhetoric can translate into real-world violence. While essential for corporate visibility, social media platforms also present a proactive opportunity for companies to enhance their digital security posture by identifying and mitigating the intelligence adversaries might use to target potential vulnerabilities. Personal addresses, travel schedules, and family details are often just a few clicks away for malicious actors.

This convergence of physical and digital threats highlights the need for a holistic approach to executive protection. Security measures can no longer be confined to physical guards or alarm systems. They must also encompass robust digital strategies, including minimizing digital footprints and proactive online threat monitoring.

A Watershed Moment for Corporate Security

The aftermath of this incident has seen a surge in demand for executive protection services, highlighting the importance of shifting focus from reactionary measures to sustainable and proactive strategies that address immediate and long-term security needs. Security firms have reported unprecedented inquiries, with corporations seeking guidance on everything from enhanced mail screening to deploying residential security teams. However, the challenge lies in reacting to immediate threats and creating a sustainable, long-term security framework.

For companies of all sizes, this “watershed moment” calls for a reassessment of how security budgets are allocated. Historically viewed as a non-revenue-generating expense, security investments must now be recognized as essential to safeguarding not just individuals but also the reputation and continuity of the business itself. Proactive investment in security can also demonstrate corporate responsibility and leadership, reinforcing trust among stakeholders and the broader community. The reputational damage and operational disruption resulting from a high-profile attack can far outweigh the upfront costs of comprehensive security measures.

In the recent report “Safeguarding Executives from Attack Using TAG’s Triangle of Protection Model,” Dr. Edward Amoroso, CEO of TAG Cyber, discusses how executive/VIP protection has three pillars: Physical, Virtual and Threat. He goes on to address how integrating the triangle of protection is crucial to moving forward.

According to this report:

“The three points of the TAG Triangle of Protection — physical protection, virtual protection, and threat reduction — are interdependent and must function cohesively to ensure executive safety. Physical security safeguards the executive from immediate harm, virtual protection shields against cyber and reputational threats, and threat reduction addresses the underlying causes of hostility, but they should all be working together.

For example, early indications from the recent situation involving the CEO of UnitedHealthcare suggest that the attacker employed social engineering methods to obtain information about the logistics of the target. While it is perhaps improper to speculate on how the murder might have been avoided, one must concede that social engineering training can be viewed as interconnected with executive physical protection.”

Moving Forward

To navigate this new paradigm, corporations must adopt a layered approach to security, including taking a hard look at virtual and threat reduction, which we explore in more detail below:

  1. Digital Hygiene: Encourage executives to minimize their online presence by removing personal information, such as home addresses and details about family members. This also includes reviewing social media activity to limit exposure.
  2. Proactive Threat Monitoring: Leverage advanced threat intelligence tools to identify and mitigate risks before they materialize. This includes monitoring the dark web for leaked information and analyzing online chatter for potential threats.
  3. Integrated Digital and Physical Security Protocols: These protocols combine physical security measures, such as guards and secure transport, with cybersecurity defenses to address both physical and digital vulnerabilities.
  4. Crisis Preparedness: Conduct regular training and drills to prepare executives and their families for various scenarios, including attempted breaches or threats during public appearances.
  5. Inclusive Security Strategies: Extend protection beyond the CEO to include other senior leaders and board members, recognizing that attackers may target less apparent individuals.

Responding Faster to Threats with a Proactive Approach

Organizations must also adopt cutting-edge solutions to address the evolving threat landscape. Constella Hunter+ is a digital risk protection platform that safeguards executives and VIPs against external digital threats. By continuously monitoring their digital footprints across the surface, deep, and dark web, as well as social media, Constella Hunter+ accelerates the ability to respond to threats targeting executives and their families.

Key Features:

  • Continuous Monitoring: Automatically scans for external threats across 53 languages and 125 countries, finding risks such as compromised credentials, exposed identities, and impersonations.
  • Proactive Alerts: This service delivers real-time notifications for risks like network breaches, account takeovers, and exposed identities.
  • Comprehensive Awareness: Offers a single-pane-of-glass view of risks across social media, deep and dark web forums, exposed identity data through breaches, data brokers, and surface web assets. 
  • Customizable Threat Models: These enable tailored alerts that align with internal policies and industry-specific requirements.
  • Operationalized Protection: Integrates with provisioning systems and response workflows, speeding up threat mitigation and enhancing SOC efficiency.

A Call to Action

With its unmatched visibility into external digital footprints and the industry’s most extensive collection of curated identity records, Constella Hunter+ empowers organizations to:

  • Mitigate risks effectively before damage occurs.
  • Enhance the effectiveness of security teams through automated monitoring.

  • Protect executives and their families from both cyber and physical threats.

It is critical that organizations shift the paradigm around the protection of their most valuable assets. Understanding your executives’ digital footprint and the cyber threats against them is critical before those threats become physical. Organizations must begin to adopt a proactive and forward-thinking approach to addressing emerging threats against their executives. Boards and leadership teams must prioritize security as a core component of their governance responsibilities, including appropriating adequate resources (budgets) and fostering a culture of vigilance and preparedness rather than mere reaction. Ensuring leaders’ safety and strengthening resilience in the face of emerging threats should remain a key priority and a critical layer in an organization’s overall security strategy.

The Evolving Threat of Cookie Session Hijacking: How Infostealers Enable Advanced Cyberattacks

Cyberattacks are becoming increasingly sophisticated, with cookie session hijacking emerging as a significant threat. This technique allows attackers to bypass even advanced security measures like multi-factor authentication (MFA), enabling unauthorized access to critical systems and user accounts. Infostealers, a category of malware designed to harvest sensitive information, have become a primary tool for conducting these attacks. This blog explores how infostealers facilitate cookie session hijacking, its implications for organizations, and how businesses can defend against this evolving threat.

How Cookie Session Hijacking Works

Cookie session hijacking is a process in which attackers steal and reuse session cookies to impersonate authenticated users. Here’s how the attack typically unfolds:

  1. Initial Infection:
    • Attackers use infostealers, phishing emails, or other malicious techniques to compromise a user’s device.
    • Infostealers like RedLine, Raccoon, Vidar, Meta, and Lumma are commonly deployed to harvest session cookies from compromised devices.
  2. Cookie Extraction:
    • Once the device is infected, the infostealer accesses the browser’s database to extract session cookies.
    • These cookies are stored locally on the system, typically in locations like %localappdata%\Google\Chrome\User Data\Default\Cookies.
    • Advanced tools like Mimikatz can decrypt protected cookies.
  3. Session Hijacking:
    • Stolen cookies are imported into the attacker’s browser using tools like “Cookie Quick Manager” (Firefox) or “cookies.txt importer” (Chromium-based browsers).
    • The attacker now gains access to authenticated user sessions without needing credentials or MFA tokens.
  4. Exploitation:
    • Attackers leverage hijacked sessions to gain unauthorized access to critical systems, such as cloud administration consoles, collaboration platforms, and web-based email services.
    • This access can facilitate further attacks, including data exfiltration, lateral movement within networks, or ransomware deployment.
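
One defensive counterpart to the steps above, as an added example (not code from Constella or the original post): a server-side log check that flags a session cookie presented from more than one client context. The log fields, severity labels and 30-minute window are assumptions, and the events are constructed.

```python
"""Flag session cookies that are presented from more than one client context."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed User-Agent strings and access-log records:
# (timestamp, session id, source IP, User-Agent). IPs are RFC 5737 documentation ranges.
WIN_CHROME_130 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/130.0.0.0 Safari/537.36"
WIN_CHROME_131 = WIN_CHROME_130.replace("130.", "131.")
LINUX_FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
MAC_SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.6 Safari/605.1.15"

SAMPLE_EVENTS = [
    ("2025-01-10T09:00:00", "sess-aaa", "198.51.100.10", WIN_CHROME_131),
    ("2025-01-10T09:05:00", "sess-aaa", "198.51.100.10", WIN_CHROME_131),
    ("2025-01-10T09:07:00", "sess-aaa", "203.0.113.77", LINUX_FIREFOX),   # second client appears
    ("2025-01-10T09:08:00", "sess-aaa", "198.51.100.10", WIN_CHROME_131),  # original still active
    ("2025-01-10T09:00:00", "sess-bbb", "198.51.100.20", MAC_SAFARI),
    ("2025-01-10T12:30:00", "sess-bbb", "192.0.2.44", MAC_SAFARI),         # same client, new network
    ("2025-01-10T09:00:00", "sess-ccc", "198.51.100.30", WIN_CHROME_130),
    ("2025-01-11T09:00:00", "sess-ccc", "198.51.100.31", WIN_CHROME_131),  # browser update only
    ("2025-01-10T10:00:00", "sess-ddd", "198.51.100.40", WIN_CHROME_131),
    ("2025-01-10T16:00:00", "sess-ddd", "203.0.113.9", LINUX_FIREFOX),     # different client takes over
]

# Order matters: Android UAs contain "Linux", Chrome UAs contain "Safari/".
OS_TOKENS = [("Android", "android"), ("iPhone", "ios"), ("Windows", "windows"),
             ("Mac OS X", "macos"), ("Linux", "linux")]
BROWSER_TOKENS = [("Edg/", "edge"), ("Firefox/", "firefox"),
                  ("Chrome/", "chrome"), ("Safari/", "safari")]


def client_context(ip, user_agent):
    """Reduce a request to a coarse (network, os/browser) pair.

    Coarse on purpose: a DHCP renewal or a browser version bump must not
    look like a different client.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    os_name = next((name for tok, name in OS_TOKENS if tok in user_agent), "other")
    browser = next((name for tok, name in BROWSER_TOKENS if tok in user_agent), "other")
    return str(network), f"{os_name}/{browser}"


def find_replayed_sessions(events, window=timedelta(minutes=30)):
    """Return {session_id: finding} for sessions seen from more than one context.

    low      - only the network changed (roaming user, VPN toggle)
    high     - the OS/browser family changed under the same cookie
    critical - contexts alternate within `window`: two clients hold the
               cookie at the same time, so the session should be revoked
    """
    by_session = defaultdict(list)
    for ts, sid, ip, ua in events:
        by_session[sid].append((datetime.fromisoformat(ts), client_context(ip, ua)))

    findings = {}
    for sid, hits in by_session.items():
        hits.sort()
        bound_net, bound_client = hits[0][1]  # context in which the session began
        reasons, switch_times = set(), []
        for (_, prev_ctx), (when, ctx) in zip(hits, hits[1:]):
            if ctx == prev_ctx:
                continue
            switch_times.append(when)
            if ctx[0] != bound_net:
                reasons.add("network changed")
            if ctx[1] != bound_client:
                reasons.add("client changed")
        if not switch_times:
            continue
        interleaved = any(b - a <= window
                          for a, b in zip(switch_times, switch_times[1:]))
        if interleaved:
            severity = "critical"
        elif "client changed" in reasons:
            severity = "high"
        else:
            severity = "low"
        findings[sid] = {"severity": severity,
                         "reasons": sorted(reasons),
                         "interleaved": interleaved}
    return findings


if __name__ == "__main__":
    for sid, finding in sorted(find_replayed_sessions(SAMPLE_EVENTS).items()):
        print(sid, finding)
```

A check like this only observes replay after the fact; revoking the flagged session server-side and forcing re-authentication is what ends the stolen cookie's usefulness.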

Real-World Vulnerabilities Exploited Through Cookie Session Hijacking

Cookie session hijacking poses significant risks across most platforms and industries; it is not limited to niche applications. We have tested and discovered vulnerabilities in many commonly used services:

  • Email Services (including corporate emails)
    • Web-based email services are one of the most critical assets attackers seek to compromise. By hijacking session cookies, threat actors can bypass traditional authentication, gaining access to email accounts without needing the user’s password or two-factor authentication codes. This access level allows attackers to monitor and even exfiltrate sensitive data, conduct spear-phishing campaigns, reset passwords for other linked services, or impersonate the victim in business correspondence. The repercussions are severe, ranging from data breaches to financial fraud, as attackers use compromised email accounts to pivot and gain access to more valuable assets.
  • Collaboration and Productivity Tools
    • With the rise of remote work, collaboration platforms like Slack, Microsoft Teams, and Google Workspace have become indispensable. Unfortunately, these tools are also vulnerable to cookie hijacking. Attackers who gain access to these sessions can infiltrate internal company communications, steal sensitive documents, and even disrupt workflows. This not only compromises the integrity and confidentiality of internal discussions but can also provide attackers with insights into project timelines, corporate strategies, and employee details, setting the stage for further attacks, such as ransomware or insider threats.
  • Cloud Administration Consoles
    • Perhaps the most concerning are attacks targeting cloud administration consoles. These consoles provide deep access to a company’s digital infrastructure. Hijacked sessions here allow attackers to potentially manipulate cloud resources, disrupt services, or even delete critical infrastructure. The potential damage ranges from service outages to complete data loss, making cloud environments a prime target for sophisticated threat actors.
  • AI Tools like ChatGPT
    • AI tools, such as ChatGPT, have also become targets for cookie session hijacking. Attackers who hijack sessions of AI tools can impersonate users and access sensitive conversations, which may include proprietary or confidential information.
  • Social Media and Messaging Platforms
    • Many popular social media and messaging platforms are particularly vulnerable to cookie-based session hijacking. These platforms often allow users to replicate sessions across devices without requiring additional validation. This convenient feature, intended for user experience, becomes a weak point for security. Attackers who gain access to session cookies can use them to impersonate victims, gaining full access to their accounts, including private messages and sensitive interactions. This form of unauthorized access can lead to identity theft, social engineering attacks, or even brand impersonation to deceive contacts.

Implications for Organizations

Once attackers successfully hijack a session, they often move quickly to exploit the compromised account. For individuals, this can mean loss of privacy, unauthorized purchases, or fraudulent messages sent to contacts. For companies, the impact can be far more devastating:

  • Corporate Espionage: Access to internal communication tools can reveal sensitive business strategies and negotiations.
  • Financial Fraud: Compromised email or cloud accounts can lead to unauthorized transactions or blackmail.
  • Supply Chain Attacks: Attackers can use hijacked sessions to impersonate company employees and target partners or suppliers, leading to a broader compromise of the supply chain.
  • Data Exfiltration: Threat actors can use hijacked accounts to extract sensitive information, which is then sold or used for further attacks.

Conclusion: The Role of Constella.ai in Combating Cookie Session Hijacking

Constella.ai offers an integrated cybersecurity solution that enables organizations to detect and mitigate threats posed by cookie session hijacking. By continuously monitoring for compromised credentials and session cookies, Constella.ai ensures early detection of vulnerabilities, preventing attackers from bypassing MFA or hijacking user sessions. Advanced attack surface mapping and real-time alerts empower organizations to address risks proactively, safeguarding critical systems and sensitive data.

As cyber threats evolve, the ability to detect and neutralize cookie session hijacking will be a cornerstone of organizational security. By implementing robust defenses and leveraging tools like Constella.ai, businesses can stay ahead of attackers, protecting both their operations and their reputation in an increasingly hostile digital landscape.

The Persistent Threat of Ransomware and How Businesses Can Protect Themselves

Introduction: Ransomware Landscape for Businesses

In recent years, ransomware has become one of the most pervasive cybersecurity threats, inflicting substantial losses on businesses globally. With an increasing number of organizations, from manufacturing to healthcare, falling victim to cyber extortion schemes, attackers are evolving their strategies to maximize impact. Notably, many of these attacks leverage infostealers—a type of malware designed to covertly harvest sensitive information, which is later used to facilitate ransomware operations. This blog delves into recent trends in ransomware, examining how cybercriminals exploit stolen data and the potential costs for organizations that become ensnared in these schemes.

Constella’s Analysis on Recent Ransomware and Data Exposures

Overview of Breaches and Infostealers

Ransomware attacks have escalated across various high-value industries, exploiting their unique vulnerabilities:

  • Manufacturing:
    • Among the most affected sectors due to its reliance on complex data flows and interdependent supply chains.
    • Disruptions in this industry can lead to cascading operational failures across global supply networks.
  • Healthcare:
    • A prime target for its critical systems containing life-saving information and sensitive patient data.
    • Ransomware in this sector poses heightened risks, as providers are often forced to pay ransoms to restore services promptly.
  • Technology:
    • Targeted for its valuable intellectual property and business-critical information.
    • Breaches can disrupt innovation, compromise trade secrets, and damage competitive advantages, as well as compromise access to key security tools relied upon by other companies, amplifying the ripple effect of such attacks.
  • Retail and Finance:
    • Cybercriminals exploit these sectors for their vast repositories of consumer data and financial assets.
    • Stolen data is often sold on the dark web or used for fraud and identity theft.

Ransomware incidents have a global footprint, with certain countries and regions experiencing elevated risks:

  • United States:
    • The most affected country, facing frequent ransomware incidents across critical infrastructure, financial institutions, and healthcare systems.
    • Extensive digital connectivity and high concentrations of essential services make the U.S. an attractive target for cybercriminals.
    • Disruptions not only impact economic stability but also compromise key security platforms, potentially weakening defenses across industries.
  • India:
    • Rapidly expanding digital infrastructure creates multiple vulnerabilities, offering attackers numerous points of entry.
    • Growth in technology and finance sectors increases exposure to ransomware threats.
  • Canada, United Kingdom, and Australia:
    • These countries share similar dependencies on digital infrastructure as the U.S., making them attractive targets for cybercriminals.
    • Critical industries and public services in these nations are frequently disrupted by ransomware attacks, with increasing concerns about attackers exploiting security software providers.
  • Germany:
    • A significant manufacturing hub, Germany’s strong industrial sector makes it particularly susceptible to supply chain disruptions caused by ransomware.
    • Breaches in Germany’s tech-driven industries could compromise tools essential for securing other companies, magnifying the impact of an attack.

The analysis further indicates that breaches involving stolen credentials—many gathered through infostealers—affect more than 86% of recently compromised companies. Specifically, 34.6% of breached organizations reported exposure to infostealer infections, illustrating how attackers infiltrate networks via seemingly legitimate entry points. This data underscores the necessity for robust cybersecurity measures to counteract these sophisticated threats.

How Infostealers Facilitate Ransomware Deployment Within Organizations

Infostealers play a pivotal role in ransomware operations, acting as the silent enablers that pave the way for attackers to infiltrate and compromise organizations. By harvesting credentials and other sensitive information, infostealers provide the initial access points necessary for deploying ransomware.

Infostealers frequently collect session cookies, allowing attackers to bypass authentication mechanisms entirely. This facilitates a rapid ransomware deployment process by giving attackers immediate access to critical systems without triggering security alerts.

Infostealers also extract credentials for VPNs, remote desktops, email accounts, and administrative tools. These credentials are often used to bypass security measures, such as firewalls and multi-factor authentication, granting attackers unrestricted access to an organization’s internal systems. Once inside, they can escalate privileges and move laterally across the network to identify valuable data and critical systems.

Below are real-world examples that highlight how infostealers are weaponized to infiltrate various organizational systems:

  • VPN Access:
    Compromised VPN credentials can grant hackers a secure entry point into a company’s internal network. A notable example is the $22 million Change Healthcare ransomware incident, where attackers leveraged stolen VPN credentials to infiltrate the network, escalate privileges, and exfiltrate sensitive data before executing the ransomware.
  • Corporate Webmail:
    Hackers exploit stolen email credentials to extract confidential information from employee mailboxes. A high-profile case involved the Argentine police, where hackers obtained over 12,000 police contact details using compromised webmail access.
  • Collaboration Tools:
    Platforms like GitHub, Confluence, and Slack house critical company data. The EA Sports breach, which resulted in the theft of 780 GB of source code, exemplifies the risks associated with infostealer-compromised collaboration accounts.
  • Cloud Services:
    As businesses increasingly rely on cloud platforms, credentials for AWS, GCP, and Azure have become prime targets. A large-scale breach involving Snowflake impacted 165 organizations, including major firms such as AT&T, affecting millions of end users worldwide.

Economic Impact and Costs of Ransomware Attacks

The financial toll of ransomware extends beyond ransom payments, impacting business operations, customer trust, and regulatory compliance. In the case of Change Healthcare, the breach’s overall cost reached an estimated $22 million. Globally, ransomware has already cost organizations billions, with damages encompassing lost productivity, legal fees, and system recovery expenses. The threat is also reputational, as customers and stakeholders scrutinize data protection efforts following a breach.

How Constella Helps Companies Protect and Prevent Attacks

Infostealers are increasingly being used as a precursor to ransomware attacks, making early detection and mitigation critical to organizational security. Constella’s comprehensive approach ensures that any compromised credentials from infostealer infections, including compromised session cookies, are detected and alerted before they can be leveraged by attackers. By identifying these threats early, Constella.ai helps prevent credential abuse and cookie session hijacking attacks, which are commonly used to bypass authentication and escalate ransomware operations.

By combining advanced monitoring, real-time alerts, and proactive defense measures, Constella empowers organizations to protect their networks, data, and reputation from the dual threats of infostealers and ransomware, ensuring a robust line of defense against these evolving cyber threats.

NIST Updated Standards for a Secure Password

Your internet account passwords are probably among the most guarded pieces of information you retain in your brain. With everything that has recently migrated to the digital realm, a secure password functions as the deadbolt to your private data. Hackers understand how valuable this personal data is, and so Account Takeover Attacks, where malicious actors gain unauthorized access to your accounts, remain the most common cyber-attack vector.

Internet users’ passwords are frequently exposed in bulk via password combo lists, which are sets of credentials harvested from data breaches, and this has taught us the importance of using a unique password for every service we sign up for. This prevents a hacker from using your email address and one of your known (exposed) passwords—say, for website A—and checking to see if it successfully logs in to website B, C, D, etc., until they find that it works on website E.

With that said, even if all of your passwords are unique, if they are not complex enough or of adequate length, hackers can often succeed in guessing your current passwords by using permutations of your previously exposed passwords, known information about you, or even checking against a list of commonly used passwords.

How Do We Know What Constitutes A Secure Password?

The National Institute of Standards and Technology (NIST) is an organization that helps us with this. NIST researchers create drafts for things like password requirements, publish them for a community of experts to submit their comments, and compile a published standard. Therefore, whenever you’re asked to create or reset a password and are given a set of requirements the password must meet, these are based on standards most likely set forth by NIST. It’s important for any organization that manages users’ passwords to stay up to date with NIST requirements for passwords.

One example of an existing NIST password standard is checking for exposed passwords against previous data breaches. For several years now, NIST publication 800-63B has included the need to check against passwords previously exposed in data breaches: “When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly used, expected, or compromised. For example, the list MAY include, but is not limited to, passwords obtained from previous breach corpuses.” This helps ensure that users are not making their accounts more vulnerable by using a known-exposed password.

NIST recently published a new draft standard for passwords, adding new recommendations to make passwords even stronger; below are the suggested changes and why they’re important:

  1. Require passwords to be a minimum of 8 characters, with a recommended minimum length of 15 characters.
    • Why this is important: The longer your password is, the harder it is to guess your password. Even when trying to guess your password via brute force, long passwords require significant computing time, even for advanced computers, to guess correctly.
  2. Allow passwords to be up to 64 characters long.
    • Why this is important: Again, longer passwords are more secure. Allowing users up to 64 characters creates even more secure passwords.
  3. Accept all printing ASCII [RFC20] characters and the space character in passwords.
    • ASCII characters represent the rudimentary western characters used in typing; there are 95 printing characters in the ASCII set.
    • Why this is important: Allowing all printing ASCII characters is like having more colors to paint with. Consider being asked to create a 4-digit password using only numerals. We know there are only 10,000 possible combinations since there are only 10 numerals, zero through nine, and a series of four of them means we have a possible 10 raised to the 4th power combinations. Now, consider a 4-character password that allowed all 95 ASCII printing characters; that’s 95 raised to the power of 4, or 81,450,625 possible combinations. That creates a much more secure password because it is exponentially more difficult to guess.
  4. Accept Unicode [ISO/ISC 10646] characters in passwords, with each Unicode point counting as a single character towards password length.
    • Unicode is an international standard for written characters and emojis, covering 168 modern and historical scripts and symbol sets, encompassing a total of 155,063 characters.
    • Why this is important: This expands on the benefit of allowing all ASCII characters, but with exponentially larger results. If we repeat our thought experiment of creating a 4-character password, but each character can be one of 155,063 possibilities, we wind up with 578,139,610,000,000,000,000 possible combinations, and that’s with a 4-character password, which is only half the minimum required password length.
  5. Stop requiring arbitrary password complexity, like forcing the use of special characters or a mixture of numbers, letters, and symbols.
    • Why this is important: It may seem counterintuitive, but research shows that this is a beneficial change. The option to use special characters is excellent for those who want an additional layer of security; however, longer passwords are more effective than short and complex passwords and are typically easier to remember too.
    • This XKCD comic does a great job of explaining this concept: https://xkcd.com/936/
  6. Stop requiring periodic password resets on specified intervals unless there is evidence of password compromise.
    • Why this is important: Have you ever logged in to your computer at work, only to be forced to change your password because 90 days had elapsed since you had last changed your password? This can be extraordinarily frustrating, as you may have a perfectly good password that you can actually remember, but now are forced to change it. In theory, this may sound like a good idea, but when you apply human behavior to the mix, you’re more likely to compel the user to create a weaker password. Consider that you know you’ll be required to change your password every so often; it’s only natural to select a password that fits into a sequence or follows a pattern, because of course that’s easier to remember. But a sequence of passwords that follows a pattern isn’t much more secure than the first password in the sequence.

But should there be an indication of a problem, it’s not a bad idea to compel password changes. For example, if your password is found exposed on the dark web, this is an excellent time to change it. Or if your organization suffers a security incident where it’s believed users’ passwords may have been compromised, this is a great time to change your password. But absent any evidence of such problems, it may be best to let users keep their passwords the same.

  7. Stop allowing users to save password hints.
    • Why this is important: Password hints can be helpful to both the account owner and a hacker trying to gain access to the account. Getting rid of password hints makes it that much more difficult to get into your account.
  8. Stop requiring users to answer security questions to reset forgotten passwords.
    • Using security questions (e.g., What was your favorite teacher’s name?) to authenticate the user’s identity presents another weak point, as a hacker may be able to guess your answers to security questions. In the event of a forgotten password, it’s best to verify the user’s identity through other methods before allowing them to reset their password.
  9. Verify the entire password, not a truncated version or substring of the password.
    • Why this is important: This guideline is for what NIST calls “verifiers,” or the entity that verifies you’ve entered the correct password (i.e., the site you’re logging in to). Unfortunately, it is somewhat commonplace to truncate the entered password, usually due to technical limitations. For example, if an app is only designed to store eight-character passwords, but allows users to create longer passwords, it might only consider the first eight characters of the password when authenticating the user. Clearly, this undermines password minimum length, and therefore NIST recommends that the entire password is considered.
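
The verifier-side rules from the list above (length counted in Unicode code points, no composition rules, a compromised-password list, and whole-password verification beside the truncating pattern it replaces), as an added Python example that is not NIST's or Constella's code. The blocklist entries, PBKDF2 parameters and function names are assumptions; NFKC normalization comes from SP 800-63B rather than from this page.

```python
"""Password acceptance and verification following the rules listed above."""
import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 8            # required minimum
RECOMMENDED_LENGTH = 15   # recommended minimum
MAX_LENGTH = 64           # longest password this verifier accepts
PBKDF2_ROUNDS = 600_000   # assumption: work factor chosen for this example

# Constructed stand-in for a list of common or breach-exposed passwords.
BLOCKLIST = frozenset({"password", "123456789", "qwertyuiop", "iloveyou1"})


def normalize(password):
    # SP 800-63B suggests NFKC or NFKD when Unicode is accepted, so the same
    # password typed on different keyboards compares equal (not on this page).
    return unicodedata.normalize("NFKC", password)


def check_new_password(password):
    """Return the reasons a new password is rejected; an empty list means accepted.

    There are deliberately no composition rules: spaces, all-lowercase
    passphrases and non-ASCII characters are all fine.
    """
    problems = []
    length = len(password)  # a Python str is a sequence of Unicode code points
    if length < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if length > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if normalize(password).casefold() in BLOCKLIST:
        problems.append("appears in the compromised/common password list")
    return problems


def below_recommended_length(password):
    """True when the password is accepted-length but under the recommended 15."""
    return MIN_LENGTH <= len(password) < RECOMMENDED_LENGTH


def hash_password(password, salt):
    """Derive the stored verifier from every character of the password."""
    data = normalize(password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def verify(password, salt, stored):
    """Correct behaviour: the entire submitted password is hashed and compared."""
    return hmac.compare_digest(hash_password(password, salt), stored)


def truncating_verify(password, salt, stored_prefix_hash):
    """The weak pattern described above: only the first eight characters count."""
    return hmac.compare_digest(hash_password(password[:8], salt), stored_prefix_hash)


if __name__ == "__main__":
    salt = os.urandom(16)
    chosen = "sunflower field at dusk"          # constructed sample password
    print(check_new_password(chosen))            # accepted: no problems
    full = hash_password(chosen, salt)
    prefix_only = hash_password(chosen[:8], salt)
    guess = "sunflowe-anything-else"             # shares only the first 8 characters
    print(verify(guess, salt, full))             # rejected by the full verifier
    print(truncating_verify(guess, salt, prefix_only))  # accepted by the truncating one
```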

Even with these modernized guidelines for optimal password security, the unfortunate reality remains that passwords are exposed on the dark web by malware known as infostealers, and hackers work to find ways to guess and crack passwords. This is where Constella Intelligence comes in: with the largest data lake of exposed passwords and PII, you can leverage Constella’s data to determine if you or your users have a compromised password or any vulnerabilities hackers can exploit to gain unauthorized access to your accounts. Contact us today for a demo.