Leaked Credential Collection Sources

The Leaked Credentials add-on for Avanan collects leaked credentials from multiple sources across both the open web and underground ecosystems. These include:

  • Telegram: Channels and groups that share credentials, fullz (complete identity profiles), and malware logs.

  • File-sharing platforms: Services such as GoFile are commonly used to distribute malware logs and credential dumps.

  • VirusTotal (VT): Credential data extracted from malware samples submitted to the platform.

  • Cybercrime forums: A curated set of high-value deep and dark web forums that directly or indirectly contribute to credential exposure. These include, but are not limited to:

    • DarkForums

    • Exploit

    • Cracked

    • Cracking

    • BHF

    • Dread

    • Leakbase

    • BreachForums

This multi-source approach enables the comprehensive and timely aggregation of compromised credentials, enhancing visibility across a broad threat landscape.

Note:

This list is partial and is continuously updated to reflect changes in adversary infrastructure and intelligence collection capabilities.