Third Party Risk Management: Investigating a Leak of Sensitive Data from a Customer

by | Apr 8, 2020 | Case Study, Outside Intel, TPRM Exposure

The Challenge

A global data and infrastructure provider (The Client) determined a very tightly controlled database was for sale on the dark web. The Client discovered this database was being sold on criminal forums and needed to attribute the seller and the source of the leak.

Why Nisos

While the Client subscribed to advanced datasets and had a robust investigative capability, they had limited ability to complete investigations of this complexity in-house.


The Client provided information regarding the leak including IP, hostnames, and dark web handles of the actor. Our analysts conducting the external attribution investigation did not need network access to the Client’s environment. We used our access to external telemetry and proprietary datasets to support the engagement.


We were able to determine the third-party origination point of the database leak and attribute the leak to an exposed Elasticsearch instance hosted within Microsoft Azure. We leveraged data sources and Open-Source Intelligence (OSINT) analysis to positively identify the source of the leak by fingerprinting the structure of the data the third-party victim of the breach had used.

We provided the client with detailed information on the actor involved in selling the information, including a timeline of when the actor likely obtained the information, a profile on the actor’s location and heritage based on regional expertise, and analysis of the actor’s infrastructure to support prevention of future attacks for the Client and its third party partners.


The Client was able to prevent months of effort conducting insider threat investigations that ultimately would have not returned positive results and to provide stakeholders with assurance that no further damage occurred. Our ability to quickly integrate into the investigation with no need for internal network access encouraged the Client to take on additional challenging high impact investigations that would have otherwise remained unresolved.

About Nisos

Nisos is the Managed Intelligence™ company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks