HomeGuidesChangelog
Log In
Guides

Breached Checks

Dark web checks to highlight when identities have been compromised.

What it entails

Breached checks ingest dark-web and breach-database feeds to flag whether an identity or credential has been exposed within the last 3 days, 30 days, or earlier. They bucket compromise events by recency (high, medium, low) to surface the most urgent risks. Historical compromise age tiers help prioritize remediation.

Why it works

Attackers leverage freshly compromised credentials for account takeover and credential-stuffing before victims reset passwords. Recent breaches represent high-velocity fraud windows that automated monitoring can intercept.


Checks

The following are the distinct IDs and types of checks that are included in the Breach Check Package.

BREACHED_IDENTITY_COMPROMISED

Recency of identity compromise events.

ValueNameDescription
NEWIdentity compromised very recentlyThe identity was breached in the last three days.
RECENTIdentity compromised in last monthThe identity was breached in the last 30 days.
OLDERIdentity compromised over a month agoThe identity was breached more than 30 days ago.
NONENo information availableNo compromise information available.