Email Security Breaches, Scams, Dark Web Investigation Tools

Security Breach Investigation Record

Category: External Exposure & Browser Risk Review


1️⃣ External Credential Exposure Check

Tool Used

Have I Been Pwned

Purpose

To determine whether:

  • Organizational email addresses

  • Admin accounts

  • Shared service accounts

Have appeared in known public data breaches.

Action Steps

☐ Search all key organizational email addresses
☐ Document breach occurrences (if any)
☐ Identify affected services
☐ Reset passwords immediately (if exposed)
☐ Enforce MFA if not already enabled
☐ Log findings in security register


2️⃣ Browser Extension Risk Review

Product Reviewed

Gener8 – Gener8 Browser

Risk Assessment Considerations

Browser-based ad platforms may:

  • Collect browsing behavior data

  • Inject ads or tracking scripts

  • Access page content

  • Request elevated browser permissions

IT Control Recommendations

☐ Prohibit installation on company devices
☐ Remove if found installed
☐ Restrict browser extension installations
☐ Enforce managed browser policies (via Google Admin / Intune)
☐ Document approved extension whitelist


Governance & Compliance Considerations

For a nonprofit handling:

  • Donor data

  • Payment information

  • PCI-related systems

Browser-based adware or tracking tools present:

  • Data leakage risk

  • Session hijacking exposure

  • Compliance complications


Recommended Security Posture

For HCI CA devices:

✔ Only allow approved browsers
✔ Disable extension self-install permissions
✔ Require MFA on all critical platforms
✔ Perform quarterly Have I Been Pwned checks
✔ Maintain incident response documentation


Good to consider:

  • A Quarterly Cybersecurity Audit Checklist