Frequently Asked Questions
What is Scattered Secrets?
Scattered Secrets is a password breach notification and prevention service. Unlike email breach notification services - like for example Have I Been Pwnd - we provide you with actionable information, not with mainly false alarms. By using Scattered Secrets, you can drastically reduce the risk that hackers will be able to hijack or takeover your accounts.

What is the problem?
All kinds of online services get hacked. This includes services that you are using. Hacked data is published online. There is a lively trade in account data that is included in these data leaks, which means that it is easy for criminals to buy and use inside information to harm you. You do not know what is out there on the street, right up until the moment hackers actually strike. You cannot respond until the damage has already been done. Hackers can takeover your personal, business or customer accounts with (variations of) leaked and cracked passwords.

The solution
Scattered Secrets lets you see which of your passwords have been leaked and cracked and protects you against account takeover attacks. We monitor everything for you and raise a red flag only when information that can actually be misused has been acquired. This makes it possible to take immediate action. You can proactively determine what impact the new knowledge will have on your accounts and systems, and potentially stop your data from being stolen, e.g. through the following measures:

  • Change the password of affected accounts.
  • Investigate if misuse has occurred.
  • Check whether accounts other than those that were reported use the same passwords.
  • Create a blacklist of (variations of) passwords that are unsafe.
  • Prohibit the re-use of email address-password combinations in your online customer portal or local Active Directory.

What makes the service unique?
We provide you with real threats only: email plus corresponding cracked passwords. Many related services do not provide password details of your breached accounts: in many cases a hit just means that your email address is in a SPAM list and no passwords were stolen or passwords are not crackable. This generates many false positives and because of missing passwords, results are not actionable.

Other services that do provide you with passwords, are typically mainly based on large collections of already cracked passwords of unknown origin. As a result, in most cases you do not know where your password was stolen. Furthermore, rebranded copies of the large collections resurface every now and then. Unlike other services, we remove duplicates. So no useless notifications if an old and already known dataset was discovered for the tenth time.

We fully focus on cracking passwords, using advanced technology and smart strategies. Feedback loops make sure that the process is getting more effective and efficient after each iteration: we continuously provide you with more and more complex cracked passwords. So a lot of original and Scattered Secrets only content.

Who are we?
Scattered Secrets BV (chamber of commerce ID 68867530) was founded in 2017 by Rickey Gevers and Jeroen van Beek and is located in Amsterdam, The Netherlands (European Union). We have got a 'Big Four' background and many years of valuable experience in information risk management, IT auditing, IT forensics, incident response and penetration testing, working for many Fortune 500 companies around the globe.

Other questions?
Please do not be shy and contact us!