What's different about SpyCloud?

SpyCloud is laser focused on our core competency – cybercrime, as it feeds into Account Takeover attacks. We do not spend time in other intelligence domains (such as nation-state, physical security, etc.). Because of this, we find artifacts related to ATO at a massive scale, mostly from private/covert sources and the results are immediately useful and specific to our customers.


What types of information can you find?

Here’s an example of the type of information we find by scanning for your domain (partial list):

  • Internal and external systems infected with a keylogger that are logging into your servers.
  • Corporate computers infected while being used for personal use.
  • Any compromised credentials (username and password) associated with a domain login

Examples of the type of information we find by scanning your personal email addresses (partial list):

  • Compromised credentials from private (you won’t read about any of these in the press) and public data breaches.
  • Cloud login credentials
  • Personally identifiable information (PII) that is easily associated to your email.

How often should I expect to receive an alert from SpyCloud?

We load hundreds of new breached databases (mostly from private sources) into our system every month. Each of these databases contains potentially millions of compromised records. On a busy month, we can exceed several hundred million artifacts in a single month. Given our rate of collection, for large enterprises, it is common to receive a handful of alerts each month. Small companies should expect to receive an alert every few months.

Do you work with law enforcement, ISACs and CERTs?

Given our tradecraft, we run into artifacts that fall outside of our area of focus. We work with law enforcement in these situations. We work with in-country CERTs, ISACs and other information sharing communities often to reach breached victims. If the victim is a customer, they will receive the breach notice immediately directly from SpyCloud. If they are not a customer, our responsible disclosure outreach is best effort and is subject to the normal time it takes to find the right contact and exchange the information.

How are domains I add to my watchlist handled in your service?

Assuming you own the domain ‘acmeinc.com’, we’ll monitor for ALL email addresses that match against it (john@acmeinc.com, jane@acmeinc.com, etc.), regardless of the number we find. We take you on the honor system to choose the pricing plan that best matches your actual company size.

What if I need to upgrade at a later date to add more domains/emails/etc?

No problem, you can upgrade at any time. Just contact us at support@spycloud.com and our accounts team will get you set up.

What if I'm a service provider and want to monitor for credential reuse among my customers?

Many of our large service provider customers are not only interested in monitoring for breaches from within their organization. They also want to be proactive detecting fraud and identity theft for their customers’ accounts, especially if they’ve been compromised in a botnet or from a third party breach. Please get in touch to discuss our API and pricing if this applies to your organization.

What are personal email addresses in the watchlist?

Many of us often use a personal email for professional services at work (e.g. Dropbox, Linkedin, etc.). In the unfortunate situation that one of these services is breached, it’s fairly common for hackers to try and reuse the same username/password on other sites (including your company’s sites).

Your Gmail, Hotmail, Yahoo, etc. addresses are typically those that should be added to the ‘Personal Email Watchlist’. We provide monitoring for a limited number of these non-corporate email addresses for your executive team and other high profile employees.

Personal email addresses are typically considered those that do not match any of the domains in your Domain Watchlist. Since we monitor all email addresses associated with the domains in your Domain Watchlist, it is not necessary to add your work emails in the Personal Email Watchlist, we’ve already got them covered.

Is there a downside to adding my corporate email to the personal email watchlist?

In the case we’re already monitoring your corporate domain (e.g. example.com) and you add your work email (john@example.com), you might get two notifications when your email pops up on our radar in a new breach.

If you don’t actually have authorization to monitor all of example.com, then adding your work email is a simple way for you to keep tabs on breaches affecting you at work.

How do I act on the information you share with me?

We include remediation advice for the various types of breaches that we find. Remediation advice can be seen from the detailed view of each breach (in the portal). If you have any questions about a breach or need further remediation advice, please feel free to contact our support at 800-513-2502 or email support@spycloud.com.