What Are Threats in Selki


In Selki, a Threat represents an exposure of a digital identity (employee or customer) discovered in external compromised sources such as infostealer logs, data leaks, breach repositories, or public paste sites. These findings indicate that a credential associated with your organization or user base has been compromised and may be actively at risk.


Selki continuously collects, processes, and correlates leaked credentials from a wide ecosystem of threat-intelligence sources. When a match is found between an exposed identity and an email/domain monitored by your organization, a new Threat is generated.


Threats are the core of Selki’s identity exposure monitoring capability and provide actionable visibility into real-world risks affecting your environment.



Why Threats Matter


Leaked credentials are one of the most common vectors for account takeover (ATO), fraud, unauthorized access, and lateral movement. Once exposed, these credentials can be:


  • sold or shared in cybercrime communities
  • reused by attackers to access corporate systems
  • incorporated into automated tools (credential stuffing, botnets)
  • used in targeted social engineering or phishing attacks
  • exploited to access customer accounts or platforms


Identifying these exposures early helps prevent severe downstream incidents.



Types of Threats Selki Detects


Selki categorizes threats based on the source and nature of the exposure:


1. Infostealer Malware

Credentials captured by malware installed on infected devices.

These exposures are high-risk because the data is fresh, captured in real time, and often includes:


  • emails
  • passwords
  • session tokens
  • browser-stored credentials
  • autofill data
  • hostnames


Infostealers are one of the most dangerous exposure types due to the immediacy and accuracy of the stolen information.



2. Breach Dumps

Credentials leaked from large-scale data breaches affecting third-party services or platforms used by your employees or customers.

These exposures may include:


  • emails
  • hashed passwords
  • personal data
  • tokens or identifiers


Although sometimes older, breach dumps remain a major source of compromise when passwords are reused.



3. Paste Sites and Public Repositories

Credentials unintentionally published in:


  • public text-sharing sites (pastebins)
  • open-source repositories
  • forums or public datasets


These exposures may indicate misconfigurations, human error, or compromised accounts.



Who Can Be Affected?


Selki detects exposures across two key groups:


Employee Threats

Accounts, emails, or credentials belonging to internal staff.

These exposures can compromise corporate systems and infrastructure.


Customer Threats

Identities belonging to your platform’s end users or clients.

Detecting these helps prevent fraud, unauthorized access, and account compromise at scale.



How Threats Are Generated


A threat is created when Selki detects:


  1. An exposed credential or identity in an external compromised source
  2. A match between that identity and the domains or watchers you monitor
  3. Classified metadata confirming its validity


Threat generation includes:


  • severity assignment (Low, Medium, High, Critical)
  • exposure type (infostealer, breach, paste, etc.)
  • first seen / last seen timestamps
  • findings such as hostname, password availability, occurrences
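
The correlation steps above can be sketched as follows. This is an added example, not Selki's code or API: the record fields, the function names, and the severity rubric are assumptions made for illustration, and the sample records are constructed.

```python
from datetime import datetime

# Hypothetical severity rubric; the article does not publish Selki's scoring.
def severity(exposure_type, password_available):
    if exposure_type == "infostealer":
        return "Critical" if password_available else "High"
    return "Medium" if password_available else "Low"

def monitored_domain(email, domains):
    """Return the monitored domain an email belongs to, or None."""
    _, _, host = email.strip().lower().rpartition("@")
    for d in domains:
        # Exact match or true subdomain; "evil-example.com" must not match.
        if host == d or host.endswith("." + d):
            return d
    return None

def generate_threats(records, domains):
    """Correlate exposure records into one threat per (identity, type)."""
    domains = {d.lower() for d in domains}
    threats = {}
    for r in records:
        email = r["email"].strip().lower()
        if monitored_domain(email, domains) is None:
            continue  # identity is outside the monitored scope
        seen = datetime.fromisoformat(r["seen"])
        t = threats.setdefault((email, r["type"]), {
            "first_seen": seen, "last_seen": seen, "occurrences": 0,
            "password_available": False, "hostnames": set()})
        t["first_seen"] = min(t["first_seen"], seen)
        t["last_seen"] = max(t["last_seen"], seen)
        t["occurrences"] += 1
        t["password_available"] |= bool(r.get("has_password"))  # flag only, never the secret
        if r.get("hostname"):
            t["hostnames"].add(r["hostname"])
    for (_, kind), t in threats.items():
        t["severity"] = severity(kind, t["password_available"])
    return threats

# Constructed sample records (no real identities or secrets).
SAMPLE = [
    {"email": "Alice@Example.com", "type": "infostealer", "seen": "2025-01-10T08:00:00", "has_password": True, "hostname": "DESKTOP-TEST01"},
    {"email": "alice@example.com", "type": "infostealer", "seen": "2025-01-03T12:00:00", "has_password": False, "hostname": "DESKTOP-TEST01"},
    {"email": "bob@mail.example.com", "type": "breach", "seen": "2024-06-01T00:00:00", "has_password": False},
    {"email": "eve@evil-example.com", "type": "paste", "seen": "2025-02-01T00:00:00", "has_password": True},
]
THREATS = generate_threats(SAMPLE, {"example.com"})
```

The two infostealer records collapse into a single threat with two occurrences, and the look-alike domain is excluded because matching requires an exact domain or a true subdomain.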



What Happens After a Threat Is Detected?


Once created, threats appear in:


  • The Threats List (main view)
  • The Dashboard (aggregate analytics)
  • Filters and Watchers (domain-level organization)


Security teams can:


  • investigate the exposure
  • review detailed findings
  • contact affected users
  • force credential resets
  • close or re-open the threat
  • export data to PDF/CSV/XLSX



Summary


Threats in Selki represent verified identity exposures found in real-world compromised environments. Detecting these exposures early is essential for preventing unauthorized access, fraud, and broader security incidents.


To continue learning, check the article:


Understanding the Threats List

Updated on: 01/12/2025
