Email Compromises
Written by Damien Cantelo
Updated over 3 months ago

Purpose

The Compromises feature regularly checks whether any of your staff's email addresses have been involved in a data breach and published on the dark web. If a website (such as Facebook) gets hacked and user details are stolen, the hackers will usually post those details (typically email addresses, passwords and other information) on the dark web for sale. Other cybercriminals can then purchase those details and use the usernames and passwords to try to log in to other websites, in the hope that the compromised users have reused the same username and password on other sites. This is a common attack type known as credential stuffing. It's important to know if your staff have been caught up in a breach, as it could lead to their work accounts and/or work devices being compromised.

NOTE: A 'Compromise' in this context relates to a security breach on a 3rd party website and doesn't mean that your own systems have been compromised, but it could lead to that occurring if not managed properly.

Check for Compromises

  1. Select Compromises in the main menu. The compromises screen lists all members of your team and their breach status.

  2. The Status of each member can be seen:

    1. "Unknown" - This user hasn't been checked yet. It should happen shortly.

    2. "No Breaches" - No breaches found for this user.

    3. "Action Required" - This user has been involved in a data breach (see below).

Resolving Compromises

  1. If the status is "Action Required", then this user has been involved in an external data breach. The sites that experienced a breach are listed in the Data Breaches table on the bottom left.

  2. The compromised users will receive an email confirming they have been involved in a data breach.

  3. They can click on the link in the email or log in to Apollo Secure.

  4. In the Compromises section, they can see the list of the sites they have been compromised in.

  5. They should log in to those 3rd party sites and change their password for those sites, and any other sites that use the same password.

  6. Back in Apollo Secure, they need to click Acknowledge to confirm they have changed their passwords for each of the sites where they have been compromised.

  7. Once this is done, their Status will show as "Recovered".

NOTE: Owners don't have access to change the status of other users. Users need to do this themselves, as only they should log in to the 3rd party sites to change their passwords.
