Sample Report Preview

This is a sample of our Account Exposure Report, powered by verified public datasets.

Want this automated for your company (recurring scans, deltas, ticketing, and user notifications)? Contact us for pricing & implementation.

Email Exposure Report

Generated: 2025-08-17 18:00
Scope: company email addresses checked against verified public exposure datasets (HIBP). Recency and presence of passwords drive priority.

Executive Summary

Emails Scanned
58
Addresses with Exposures
14
New Since Last Report
3
Entries Involving Passwords
9
Risk Grade: B
Grade considers total exposures, password involvement, and recency (greater weight to 2024–2025 incidents).

Address Overview

Email Exposure Count Highest Severity Latest Incident Priority
alice@company.com — new 2 High 2025-07-22 Reset & MFA
bob@company.com 1 Medium 2024-11-14 Enforce MFA
carol@company.com 3 High 2025-03-03 Reset & Review
ceo@company.com 0 None Monitor
dave@company.com 2 Medium 2023-12-02 Confirm MFA
finance.ap@company.com 1 High 2025-05-09 Reset & Audit
“High” usually indicates passwords present in the dataset (even if hashed) and/or very recent discovery.

Exposure Details

alice@company.com – 2 exposures (latest: 2025-07-22)
  • Source of Leak: AcmeForum (2025-07-22) — Data: Email, Passwords (hashed), IP
    Notes: Recent; common target for stuffing. Treat as credential exposure.
    • Suggest: Immediate password reset; invalidate active sessions.
    • Enforce MFA; review sign-in logs for anomalies.
    • Check inbox rules/forwards.
  • Source of Leak: GraphicTools (2024-04-18) — Data: Email, Names
    Notes: No password field indicated; lower urgency.
bob@company.com – 1 exposure (2024-11-14)
  • PhotoCloud (2024-11-14) — Data: Email, Partial Passwords (hashed)
    Notes: Reinforce MFA; check for reuse.
carol@company.com – 3 exposures (latest: 2025-03-03)
  • DevHub (2025-03-03) — Data: Email, Passwords (hashed), 2FA flag
    Notes: Contains credential material; assume reuse risk.
  • LearnPro (2024-06-09) — Data: Email, Names, Company
    Notes: No password data in dataset.
  • LegacyBoard (2023-09-21) — Data: Email
    Notes: Older; keep for historical context.
finance.ap@company.com – 1 exposure (2025-05-09)
  • InvoiceShare (2025-05-09) — Data: Email, Passwords (hashed), API tokens (revoked)
    Notes: Finance role; prioritize reset, check vendor portals, and review mailbox rules.
ceo@company.com – 0 exposures
No known public exposure records as of report time.

Recommendations

  • Mandatory MFA across email, VPN, finance, and admin portals.
  • Immediate resets for any addresses with password-related exposures; revoke sessions.
  • Block password reuse (SSPR/Conditional Access + banned password list).
  • Enable sign-in risk alerts (impossible travel, atypical locations, token theft indicators).
  • User notification with neutral, action-focused wording; track completion.

Next Steps

  1. Schedule weekly scans; highlights “New since last report”.
  2. Integrate with your SIEM or ticketing system for automated tracking.
  3. Run a targeted phishing simulation for impacted users.
  4. Audit forwarding/inbox rules and recent sign-ins for impacted accounts.
  5. Apply stricter conditional access for executives and finance mailboxes.
Need this operationalized? Talk to us.

Methodology & Privacy

  • We query exposure metadata only; no passwords are collected or transmitted.
  • Priority blends recency and whether passwords were present in the dataset.
  • Dates reflect dataset disclosure, which can differ from incident occurrence.

    • Contact us for pricing & implementation of this service..