Configurable monitors for: domain credentials (employees with leaked passwords tied to your domain), customer email exposure (your customers' addresses appearing in breach dumps), brand mentions on underground forums and marketplaces, and executive-account targeting. Each finding is tied to its source (which breach, when, what fields), so you can verify and triage.

Primary providers: HaveIBeenPwned (HIBP), LeakCheck, IntelX, and DeHashed. Plus our own curated set of underground forums, paste sites, and marketplace channels for brand and executive monitoring. Coverage is refreshed continuously — new breach corpora typically reach our index within hours of public disclosure.

HIBP is excellent for individual email lookups. Vulnios extends it to the organization level: rather than checking one email at a time, you configure your monitored assets (domains, customer lists, brand keywords, IP ranges) once, and we continuously check them across HIBP and the other providers. Findings are deduplicated, prioritized by severity, and presented as actionable security events rather than raw breach JSON.

Each finding tells you the exposed credentials/identity, the source breach, when it leaked, and whether the password is plaintext or hashed. Standard response: force-reset the affected accounts, check for downstream account-takeover indicators (suspicious logins, MFA prompts), and run a password-reuse check across your other systems. The finding stays in the platform with full audit history.

A limited set is — you can monitor one domain and run one-time checks. Continuous monitoring across multiple domains, customer-list checks, brand keywords, and integrations (Slack/email/webhook alerts) require a paid plan.

Deduplication across providers (the same breach reported by HIBP and LeakCheck collapses to one finding), age filtering (configurable; defaults exclude breaches older than the monitored asset's creation date), and severity scoring based on plaintext vs hashed credentials and the breach source's reliability rating.