While employees may have moved on from your organization, their company-issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploit.
Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- How do I subscribe or unsubscribe a Daily/Monthly Dark Web ID Compromise Report email notifications?
- Compromise Data Spike
- Dark Web ID Data Integrity
- CSS Compromise Type
- I see fake emails (false positives). Why is this important?
- How are the stolen or exposed credentials found on the Dark Web ID?
- What is the Dark Web?
- Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?
- Identified method used to capture/ steal data: how was the data stolen or compromised?
- Does the identification of my organization’s exposed credentials mean we are being targeted by hackers?
- See more