
Recaptured Data in Preventing Cyber Crime Explained

What if we told you the biggest risk to your enterprise is in the places you’re not looking – places you don’t have access to?

The criminal underground is packed with stolen credentials, PII, and browser fingerprints that let criminals impersonate your employees and customers, evading detection from traditional fraud controls.

Underground data exists for nearly everyone – employees, vendors, and customers – who may have dozens or more online personas. When their credentials and PII are leaked in a breach or siphoned from a malware-infected device, your team can’t effectively protect them. You’re never quite sure if any of that data connects back to your enterprise or customers, or if you’re truly secure from attacks that leverage stolen data like account takeover and ransomware.

Without that knowledge, your entire enterprise is at risk.

This risk represents a missed opportunity for information security and fraud prevention teams. For the longest time, data from the criminal underground wasn’t accessible. Now it’s an untapped source of powerful insights. We call it Recaptured Data.


What is Recaptured Data?

Recaptured Data is information that SpyCloud’s human intelligence researchers have recovered from tens of thousands of security breaches, millions of malware-infected devices, and other covert sources – transformed into actionable insights. 

The SpyCloud Recaptured Database contains over 200B assets which power our Account Takeover Prevention and Online Fraud Prevention solutions. It comprises more than 200 distinct field types collected directly from breach records and logs from malware-infected devices:

  • Compromised credentials (email address + password pairs)
  • Web session and device cookies
  • PII including names, street addresses, phone numbers
  • Government identification including SSNs, NINOs, driver’s licenses, and passport numbers 

We make this data machine-readable and available to help enterprises make informed decisions about how to protect themselves, their employees, vendors, and customers.

What makes Recaptured Data unique?

A lot of companies claim to offer the best “breach data.” Recaptured Data is not just data from breaches. That data, in the form most providers offer, is unstructured data that is not actionable.

What makes Recaptured Data unique – in short – is its variety, actionability, and insights.

  • Variety
    With more than 200 data types, Recaptured Data covers the gamut of information exposed in the criminal underground. But it’s also variety in sources that makes Recaptured Data special. We not only recover data from breaches, but also from other underground sources only we have access to – as well as from malware-infected device logs. These logs contain information siphoned from malware-infected devices, which criminals immediately operationalize by selling it to other bad actors or by using it to impersonate employees and customers, flying under the radar of fraud detection tools.

With stolen cookies and credentials, criminals can do extreme damage to companies and individuals. But in the hands of enterprise security and fraud prevention teams, this same data can be used to negate at-risk web sessions and protect vulnerable accounts.

  • Actionability
    Recaptured Data isn’t raw data: it’s records that are enriched with supporting contextual information, including the source, breach description or malware family, actual compromised password, and much more.

SpyCloud has invested heavily in “de-hashing” collected passwords, allowing customers to determine whether exposed credentials exactly match the in-use credentials for their employees and customers. More than 90% of the 25B passwords in our database are in plaintext, making our data the most actionable in the industry.

No false alerts here, only evidence of compromise.

  • Insights
    SpyCloud correlates Recaptured Data points to form a true picture of a user’s risk across their many exposed online personas. This means we are able to identify a user in one breach as being the same user exposed in another breach or through a malware infection on their personal or corporate device. We can tie email addresses, usernames, passwords, and PII together to reveal a single user’s risk of account takeover, synthetic identity, and fraud across their many exposures. This is the only way to determine their true risk to your enterprise.

Why should you use Recaptured Data?

In short, companies use Recaptured Data to help avoid the risk of breaches caused by the use of stolen authentication data, or fraud that otherwise goes undetected earlier in the attack timeline. The key is recapturing data early after a breach or malware infection occurs, so it’s in your hands before it’s used to cause harm to your business and your customers.

By the time other companies alert you to exposures, criminals have already had stolen data in their hands for months (and sometimes years). 

No enterprise can gather their users’ compromised data with the speed and scale necessary to thwart attacks.

This is SpyCloud’s focus, and why hundreds of enterprises rely on us.

Who uses Recaptured Data?

Since cyber criminals don’t discriminate, companies of all sizes in varied industries use Recaptured Data. Any company can use it, and so far, hundreds of companies around the world – including half of the Fortune 10 – rely on it. 

SpyCloud customers include:

  • Avast
  • Automattic
  • Cisco
  • Samsonite
  • MailChimp

Join us in our mission to disrupt criminals’ ability to profit from stolen data