Discovering that an executive's data has been leaked can be alarming, but identifying and taking the necessary mitigation actions is essential.
We have therefore put together some recommendations to help manage these cases.
1. Exposed Credentials (based on emails/documents)
Examples: Corporate or personal email with leaked password; CPF linked to a password.
Recommended Actions (in conjunction with the affected executive):
Validate whether the credentials are still active.
Force a password change for the email and any linked services.
Enable MFA (multi-factor authentication), if not already activated.
Evaluate whether the exposed password has been reused in other internal or critical systems.
Record the incident and associate it with known leak campaigns (if applicable).
Notify the executive, according to the internal communication policy.
2. Personal Data in Public Documents on the Internet
Examples: Name, CPF, RG, address, or phone number in public PDFs, lookup sites, or indexed spreadsheets.
Recommended Actions:
Assess the origin of the document (governmental, journalistic, leak, etc.).
Request the removal of the publication (through direct contact or legal process, depending on the jurisdiction).
Monitor whether the data has been replicated in other sources after exposure.
Notify the executive and record the event for internal audit.
3. Data in Cybercriminal Groups (Telegram, WhatsApp, forums, etc.)
Examples: Executive's email mentioned in discussions about social engineering, targeted attacks, or information sales.
Recommended Actions (the client may request support from Axur through an investigation):
Collect evidence (screenshots, links, group IDs).
Evaluate whether the mention is part of an active campaign or one being planned.
Increase the level of surveillance around the executive (phishing, spear phishing, vishing, etc.).
Consider preventive measures, such as phishing simulations and endpoint security reinforcement.
Escalate the case, if necessary, to incident response teams.
4. Data in Published Files (not official leaks)
Examples: Information included in PDF, TXT, CSV files that are not part of known leaks.
Recommended Actions:
Identify whether the file is original or reused (e.g., spam lists).
Evaluate the type of data exposed and its potential for harm.
Monitor for reuse of that data on other platforms.
If the file originates from the surface web, submit a takedown request.
Follow the internal notification and case-filing protocol.
5. Fake Profiles on Social Networks
Examples: Accounts posing as the executive on networks like Instagram, TikTok, Facebook, LinkedIn, or X (Twitter).
Recommended Actions:
Verify authenticity with the executive or internal communication team.
Request removal of the profile from the social network and/or pursue a legal process for its deletion.
Monitor the engagement of the fake profile (followers, comments, messages sent).
Assess the need for an alert campaign for employees or partners.
Record the incident and monitor recurrences with name variations.
6. Exposed Credit Cards
Examples: Full number, issuer, expiration date or CVV in files or forums.
Recommended Actions:
Confirm whether the card is active and for personal or corporate use.
Request immediate blocking and issuance of a new card with the bank.
Identify whether the card has been used in fraudulent transactions.
Activate internal investigation and financial control procedures.
General Recommendations for All Cases
Manage incidents on the Axur platform, which already holds several pieces of evidence.
Add new evidence to the Axur platform ticket if it arises.
Prioritize cases according to the degree of risk (sensitive information + exposure channel).
Keep track of the alert history for each executive on the Axur platform, which can be viewed by recurrence.
Establish a weekly follow-up routine to verify the persistence or spread of exposures.
Ensure that all actions are in compliance with LGPD, GDPR, or other applicable regulations.
If you have any questions, feel free to reach out at [email protected] 😊