Partnering with SpyCloud

We’re excited to announce a new partnership with SpyCloud and the release of the new User Intel service!

Who is SpyCloud?:

SpyCloud is the industry leader at discovering breached and exposed credentials. SpyCloud maintains the most extensive collection of exposed data being traded on the dark web and is able to discover exposed data before it is used to cause harm. Data from SpyCloud is generally available weeks or even months before it becomes available to “dark web scanners.”

SpyCloud helps by enabling you to check user details and passwords against an entire repository of recaptured darknet data, so you can tell how many times a password has ever appeared in a breach or in a malware victim log.

How does SpyCloud work with Pangea?

Users are often one of the weakest points in an application's security posture. Because of this, user credentials require extra attention, and NIST even calls for organizations to proactively check user credentials for weak passwords and previous breach exposures.

Using Pangea together with SpyCloud we’re able to provide a new User Intel service, which can be leveraged to verify whether or not new or existing users were involved in a breach and have compromised passwords:

• When accepting new user registrations, an application can be designed to check if the user's email address or username was in a breach.

• Passwords can be checked to restrict the user from using a common or previously breached password.

• You can add logic for “high risk accounts” which require two factor authentication or more frequent password changes.

• On login, date ranges can be used to query the user's password and determine if it was in a breach since the previous log in, adding security without sacrificing responsiveness.

• In the case of a breach, you can then add logic for additional authentication checks or force password resets.

These new capabilities greatly increase user security, and help to mitigate issues directly in-product in a timely way without having to get support or security involved with a compromised account.

The User Intel service will initially be in Beta then released to General Availability (GA) in a few weeks.

The User Intel Service provides two endpoints to look up breached data:

• Look up Breached Users: This endpoint allows a user to find out if an email address, username, phone number, or IP address was exposed in a security breach. SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – The size of the database grows weekly but as of 4/6/2023 exceeds 380 billion assets.

• Look up Breached Passwords: This endpoint allows a user to check a password for weak, common, and compromised passwords by checking how many times (if ever) the password has appeared in the SpyCloud database, regardless of username. To securely check passwords against the database, the Password Exposure API uses an approach called k-anonymity. Only the first 5 characters of each password hash are sent over the network — never the user’s plaintext password. This method offers the benefit of identifying matches without exposing exact passwords and also ensures that if the traffic were intercepted, it would be useless to an attacker.

Visit our documentation for more information and to learn how to secure your next application using Pangea.

Follow us on Twitter and join our community Slack channel. We have a team of developers ready to help support your next project and answer any questions you have.