Minimize Digital Risk with Webhose Data Breach Detection API

Posted on September 15, 2020 by Liran Sorani

Although the digital age has brought unprecedented opportunity to organizations, it has also come with increased risk. In our online world of endless data points and online systems, there are more ways than ever for your data to be exposed. Brand protection and digital risk management today are a must for organizations across any industry. 

Introducing Webhose Data Breach Detection API

Webhose Data Breach Detection API is committed to helping you protect your customers from digital risk by continuously delivering the most comprehensive data from the deep, dark and open web.

That includes up to five years of historical data. Our data breach feeds and archived data feeds now offer upgraded capabilities that include domain and brand protection as well as multi-entity risk management such as account takeover, fraud, impersonation, and more. 

That means not only do you have the ability to constantly discover risks related to your domain, but you can also identify the leaked data connected to these risks, whether they are emails, account names, passwords, credit cards, and more. And since the majority of the discovery process of new data is automatic, you can be sure that you’re always getting the latest and freshest data about your domain. 

There are several ways to use Webhose Data Breach Detection API. We’ve gathered a few examples from the brand protection and risk management categories in order to demonstrate how useful it is.

Early Threat Detection

When an actor publishes a post advertising the sale of data, it generally means that they are planning to start leaking the data soon. Attackers often advertise leaks in several parts across different forums, sites, and marketplaces on the dark web.

For example, our Cyber API was able to detect a request to buy the database of the Catho.com.br job portal company (and a reply from another user offering to sell it) as far back as May.

Post discussing the buy and sale of Catho.com.br database

By July, the first part of the database – of almost 49 million users – was being sold publicly.

Post advertising the sale of Catho.com.br data

By continuously monitoring the deep, dark and open web for discussions and posts about data breaches, organizations can identify data leaks in their earliest stages, even before the first sale of a breach. They can also take the necessary steps to keep their data out of the hands of attackers and save the time and resources involved in dealing with an attack.

Identifying the Entire Life Cycle of a Breach  

According to IBM, the average life cycle of a data breach is 279 days. But the average time an organization takes to detect a data breach is 206 days. That means that every minute counts when it comes to mitigating damage.

For example, the first mention of a data breach of Tokopedia, an online Indonesian technology company, was found in hacking forums as early as the 1st of May. The post, found in the Webhose repository, offers data from 15 million users for free and includes users' personal information such as their email, phone number, full name and more.

The actor posted the first part of this leak for free

We continued to see additional mentions of sales and discussions of the leak throughout May.

An additional mention of the database for sale

Finally, one of the last mentions of the Tokopedia breach was in July. The entire database of 91 million users was finally for sale.

The full database leaked for free

Organizations that have continuous deep, dark and open web monitoring in place can stay on top of a data breach as it unfolds. Even if they aren’t able to completely prevent malicious attempts to leak their data, they can mitigate future damage by monitoring the entire data breach life cycle.

Full Context Discovery 

One leaked record is only the tip of the iceberg for discovering compromised data for enterprise organizations. Webhose Data Breach Detection API combined with our Cyber API lets us see the full context of the leaked post by discovering the source of the published post, actor, discussion thread, and more.  

For example, we have the following record of a credit card found in the Data Breach Detection endpoint:

credit card and value

We can also see this record is from an open website named crdbluc and that we have a reference for the original post:

original reference

Once we enter the post into our Cyber API, however, we can discover a lot more information about it.

First, we can see that the original post contains more details than just the credit card mentioned above. We now have more information related to the credit card number, in addition to other details like the phone number and physical address.

Phone and address

Second, we can now find more context related to the post. For example, we can see the name of the actor who posted this leak as well as the full thread related to it.

Now for the exciting part: by searching for this actor’s name in our Cyber API, we can find more leaks they published and also see that they were active on other sites such as carding.ug.

Together, by identifying the credit card details, actor name and other leaks, we gain a far clearer picture of the leak and the risk involved.

This type of full context discovery allows organizations to more accurately calculate risks and gather the necessary relevant intelligence on the target.

The Next Generation of Data Breach Detection 

Experts estimate that 16 billion records have already been exposed in 2020. Organizations that want to defend against digital risk will need to increasingly rely on continuous access to comprehensive data from the deep, dark and open web. This is especially true as cybercriminal activity thrived during the global COVID-19 lockdowns and became more sophisticated. However, the new Webhose Data Breach Detection API, with its continuous monitoring, multi-entity support, and domain threat feed, has the capability to deliver this type of valuable data to organizations as these cyber threats become more dangerous and complex. 

Want to get started with Webhose’s Data Breach Detection? Schedule a call with our data experts today!