January 30, 2017
Our Message on Cybersecurity
As events continue to unfold in the world of cybersecurity, we felt it necessary to share our thoughts and views on the ever-changing landscape of data breach monitoring. It’s a relatively new concept that is seen as controversial, dangerous and in some instances, helpful and protective.
The Need for Data Breach Monitoring
We live in a connected world. From mobile devices to home security systems to smart refrigerators, we are connected to some device every day. Being connected, we place a lot of personal information like names, birthdays, addresses, usernames and passwords online. All of that information demands proper security practices to ensure that your personal information doesn’t end up in the hands of hackers and cyber criminals looking to use your personal information against you.
Unfortunately, sometimes that sensitive information isn’t safeguarded like it should be. 2016 proved how vulnerable your information really is and how poor enterprise security has become. Hacks, leaks and overall poor security measures across various industries has led to billions of private data points being leaked, traded and sometimes sold on the dark web. The very data that we think is protected in reality is floating around the internet.
Some will argue that the data sets dating back four or five years ago aren’t harmful, however, many companies continue to use the same security practices as they did years ago and many individuals continue to use identical or very similar login data online across sites. That means no matter the age of the data, it should be treated as if it were only a day old.
How would an individual know that he or she has been involved in a breach? They might see a news article or overhear a conversation revolving around large companies leaking data that receives national coverage like Yahoo or Ashley Madison. But what about the thousands of hacks and leaks that receive little to no media coverage? How then will an individual know that their private information is exposed and their login credentials are now insecure and readily available for hackers to take advantage of?
For that reason alone, we feel that data breach monitoring is very much a service that everybody should have access to. These innocent victims deserve to be notified so that they can protect themselves and their families from possible cyber threats.
LeakedSource Raided by Law Enforcement
Although still unconfirmed at the time of writing this, popular breach notification site, LeakedSource, was supposedly raided by law enforcement. LeakedSource (along with other service providers like HEROIC) have provided reporters access to some of the largest data breaches ever. Even though they thought they were providing a security service, LeakedSource received harsh criticism for allowing users to subscribe to the site and gain access to raw data from corporate hack and leaks, including user specific passwords.
For months, experts had questioned the site’s authenticity, intentions and unethical behavior. Not only did the site provide hackers with direct access to billions of compromised accounts, but the mind(s) behind the site also decrypted data into plaintext for anyone with a subscription to have access to. They provided anyone willing to pay direct access to log into others’ online accounts to commit cyber crimes without the rightful owner having any idea that they had even been compromised in the first place; much less that hackers were using their credentials.
What Makes HEROIC Different
We take security and data breach monitoring very seriously. Unlike LeakedSource, HEROIC is primarily used by individuals that truly want to secure and protect their sensitive information. With daily updates to our master database of over 3 billion records, we have aggregated the world’s largest publically available hack database. We strive to maintain our database’s accuracy and security. We fully understand the great responsibility that comes with such a large repository of information that if abused, can cause harm to millions of individuals.
We do not provide any sensitive details about a user unless he or she has confirmed their identity through extensive security measures. We simply do not and will not provide this data to any other user using our platform. We also provide users with the ability to hide their data from our public search if they so choose. We also have added limits on our searching capabilities to eliminate incidents of abuse.
HEROIC’s mission is to intelligently protect the world’s information. Our focus will not change. Moving forward, we will continue to develop and perfect our consumer cybersecurity products. Additionally, we will be rolling out business solutions including free and paid API services to help companies secure employee login credentials. Like our consumer offerings, we will require each company to demonstrate that they own the domain(s) they are inquiring about before any sensitive information is shared with them.
By tackling the threat of cyber threats and hackers at a consumer and enterprise level, it is our hope that we can intelligently protect the world’s information both ethically and responsibly.
– Chad Bennett, CEO