Info about Leaked Credentials alert

Is there any way to get more information about Leaked Credentials alerts that have been triggered? I've seen one or two accounts on occasion, but when I go to all my dark web and intelligence sources these accounts do not appear in any breaches, pastes, forums, classifieds for sale etc. Nothing.

Can Microsoft share the details of where they picked these up as a valid set of credentials?  I think this would be very useful to help companies backtrack to root cause and fix the leak.

2 Replies
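@lfkentwell

You can see additional information here, https://docs.microsoft.com/en-us/cloud-app-security/policies-threat-protection#detect-leaked-credentials.

Gerson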

@Gerson Levitz thanks, I've seen that before.

I am specifically trying to find out where Microsoft found these credentials, e.g. in a paste or on a dump. This is so I can work out how the credentials were compromised. For example if a breach dump for a specific website breach dump was published so I can tell users to not use their company credentials on personal websites.