Accidental Exposure – The compromise of data is attributed to an unintentional disclosure by non-malicious actors on a web page, social media, or peer-to-peer site.
Bot – The compromise of data is attributed to botnet activity.
Breach – This data was compromised as part of an organisation’s data breach.
Data Dump – A consolidated collection of new and/or previously compromised credentials was made available for bulk consumption.
Dox – The data was disclosed as a part of a Doxing effort. Doxing is the research, collection and broadcast of private or personally identifiable information (PII) about an individual or organization. Doxing may be carried out for various reasons, including extortion, coercion, inflicting harm, harassment, and online shaming.
Keylogged / Phished – The compromise of data is attributed to the data being entered into a phishing website or extracted through software designed to surreptitiously harvest personally identifiable information (PII).
Not Disclosed – The corresponding metadata associated with the collected information is currently insufficient to accurately attribute it to a specific compromise type.
Sample – The data disclosed is a subset of a larger dataset, released by an individual or organization to prove the validity of an exploit / breach.
Tested – The data was legally tested to determine if it is live/active data.
Asprox – The IP address has been identified as associated with the Asprox botnet, also known by its aliases Badsrc and Aseljo, which is mostly involved in phishing scams and in performing SQL injections into websites in order to spread malware.
C2 Server – The IP address has been identified as being associated with a command-and-control (C2) server. Command-and-control servers are used by attackers to maintain communications with compromised endpoints within a targeted network. These compromised endpoints are collectively referred to as a botnet. This is achieved by infecting endpoints with malware. Botnets are leveraged by attackers to conduct malicious activity (send spam, distribute malware, etc.) without the knowledge of the system owner.
Chat Room – This data was discovered in a hidden Dark Web Internet Relay Chat (IRC) room.
Cutwail – The IP address has been identified as associated with the Cutwail botnet, which is mostly involved in sending spam e-mails. The bot is typically installed on infected machines by a Trojan component called Pushdo. It affects computers running Microsoft Windows.
File Sharing – The IP address has been identified as associated with malicious file sharing activities.
ID Theft Forum – This data was discovered being exchanged on a dark web forum or community associated with ID theft activities.
P2P File – This data was discovered as part of a file being exchanged through a peer-to-peer file sharing service or network.
Public Web Site – This data was discovered on a publicly-accessible web forum or data dump site.
Social Media – This data was discovered being shared as a post on a social media platform.
Webpage – This data was discovered on a hacker website or data dump site.
Zero Access – The IP address has been identified as associated with the ZeroAccess botnet. At the time of discovery (2012), the ZeroAccess rootkit responsible for the botnet’s spread was estimated to have been present on at least 9 million systems.
Not Disclosed – The origin of the breach has not been disclosed for one of two reasons: the name of the site has not yet been determined, or the breached organization has not yet publicly acknowledged a cyber incident.