Introducing Account Takeover Risk Detection

November 21, 2019

The use of stolen account credentials has been one of the top hacking tactics for years.

That’s a scary thought when you consider the rampant use of corporate credentials on consumer sites and the pervasiveness of password reuse.

These factors can increase your risk of attack, such as account takeovers and phishing when a site suffers a data breach—exposing corporate account information like email, passwords, and other PII.

While seemingly innocent, something as simple as an exposed corporate email addresses can increase the likelihood of phishing attacks, as the attacker now has access to a valid corporate email account. These account takeover situations go undetected by traditional vulnerability assessment and threat management approaches as valid credentials are being utilized.

To help our customers get ahead, Arctic Wolf announced this week new capabilities around Account Takeover Risk Detection. 

Arctic Wolf continuously scans customer’s public-facing internet environments against the world’s largest repository of third-party data breach information recovered from dark and grey web sources. This harvested information can include corporate email addresses, passwords (if found to be in the clear), as well as information about the data breach itself to identify where the corporate email may have been compromised.

This new capability enables Arctic Wolf Managed Risk and Managed Detection and Response customers to address several use cases, including:

Account Takeover Risk Detection

Account takeover is a form of identity theft where a bad actor obtains information about a victim and uses it to obtain high-permission-based access to a company’s sensitive systems and information.

Arctic Wolf leverages information from dark and grey web sources published through known data breaches to alert on potential high-risk account takeover situations where a corporate account and password have been exposed in the clear.

This allows the appropriate action to take place, such as changing passwords and heightening vigilance on phishing attacks.

Corporate Exposure Alerts

Your Arctic Wolf Concierge Security Team alerts you to active employee accounts that have been exposed as part of a data breach. They then assign a risk score for the severity of that risk depending on the level of credential exposure.

Data Breach Cataloguing

Your Arctic Wolf Concierge Security Engineer can provide you with additional context about accounts that were part of a known data breach, including the source, and description of the breach.

Account Takeover Screenshot

[Figure 1: Example of data breach information available to an external scanner.]

Existing customers can start benefitting from this right now, so reach out to your Arctic Wolf representative or Concierge Security team to customize your security outcomes.

For more information on Arctic Wolf’s leading SOC-as-a-service, Managed Detection and Response, Arctic Wolf Agent, or Managed Risk, visit

Previous Article
NordVPN Data Breach 2019: What You Need to Know
NordVPN Data Breach 2019: What You Need to Know

Next Article
Detecting Lateral Movement, Privilege Escalation, and Credential Theft Just Got Easier
Detecting Lateral Movement, Privilege Escalation, and Credential Theft Just Got Easier


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!