Vulnerability Disclosure Policy

LAST UPDATED: April 23, 2024
Security is the top priority at HEROIC as our mission is to intelligently protect the world’s information. By 2020 there will be over 50 billion devices and web applications connected to the cloud, with HEROIC leading the charge to secure those resources. Beyond securing the technology of our clients and our own products we also work hard to find and remediate vulnerabilities that affect the masses. In accordance with our mission we have adopted the following vulnerability disclosure policies in the products and services that we work with.

HEROIC adheres to a 90-day disclosure deadline.

We notify vendors of vulnerabilities immediately, with details shared publicly with the defensive community after 90 days, or sooner if the vendor releases a fix. We’ve chosen a deadline timeline standardized by many of the largest technology companies in the world and feel it’s reasonably calibrated for the current state of the industry.

  • Weekends and holidays. If a deadline is due to expire on a weekend or US public holiday, the deadline will be moved to the next normal work day.
  • Grace period. We have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+).
  • Solutions. We will use our resources as much as possible to work with companies to help them provide fixes to users in a reasonable time.
  • Assignment of CVEs. CVEs are an industry standard for uniquely identifying vulnerabilities. To avoid confusion, it’s important that the first public mention of a vulnerability should include a CVE. For vulnerabilities that go past deadline, we’ll ensure that a CVE has been pre-assigned.

We reserve the right to bring deadlines forward or backward based on extreme circumstances and we are committed to treating all vendors equally. We also expect to be held to the same standard when we find vulnerabilities in our own software. Our objective is to help reduce the number of people harmed by targeted attacks and we believe these policies are in line with our mission of intelligently securing the world’s information.

Get Early Access to the Guardian Platform

HEROIC is close to launching our next-generation platform where you can search, secure, and monitor all of your identities. To be the first in line, simply insert your email and you'll be added to the list

Please correct the marked field(s) below.

Be the first to know when we launch

HEROIC is still under development, but we are well underway. We estimate launching in early 2024. Subscribing lets you know when we launch, and how you can be the first to reserve your HERO's (special currency specific to the platform).

Sign Up for Our Newsletter

Email marketing by Interspire

Scan to sign up

Scan to sign up instantly

24/7 Dark Web Monitoring
Instant Breach Alerts
Secure Data Protection
Your Data is at Risk

Your Personal Information is Exposed

We found your data exposed in multiple breaches. This includes:

  • Email addresses
  • Passwords
  • Phone numbers
  • Financial information
Secure My Information Now

Your information is protected by enterprise-grade security

Your Breach Details

Date:
Severity:
Records Exposed:

Your Exposed Information

Your Risk Level

How This Affects You

Full Breach Details

Premium Insights

Unlock Critical Security Information

Create a free account to access:

  • Full Breach Impact Analysis
  • Identity Theft Risk Score
  • Exposed Credentials Details
  • Personalized Security Recommendations
Create Free Account

Identity Theft Risk Score

Risk Score: 8.7/10 - Critical

Data Exposure Analysis

Passwords Critical
Financial High
Personal Medium
Social High
Security Critical

Breach Timeline Analysis

March 2024 Multiple credentials exposed in recent data breach
January 2024 Password found in dark web marketplace
December 2023 Personal information leaked in major security incident

Security Recommendations

High Priority
Password Security

Critical: Change compromised passwords immediately and enable 2FA on all accounts

Important
Financial Protection

Monitor credit reports and set up fraud alerts with major credit bureaus

Recommended
Identity Protection

Enable advanced identity monitoring and dark web surveillance