Check your exposure on the dark web

By Greg LaFollette, CPA/CITP, CGMA

In October 2017, I watched Ted Ross, the CEO of SpyCloud, present at the prestigious Finovate New York show. His 15 minutes on stage electrified the audience of more than 1,000 high-tech entrepreneurs and investors, and impressed me so much that I chased him down to learn more about him and his company. The ensuing conversation resulted in a lunch followed by a series of conference calls and, ultimately, his keynote at the AICPA/ 2018 Executive Roundtable.

Since then, SpyCloud has grown in size, services, and stature. Let me tell you why SpyCloud is so important. Warning: What you find out will terrify many of you. But rest easy — Ross is a white hat. He's an Air Force veteran with nearly 30 years of experience in cybersecurity with some of the best-known enterprises in the world.

Ross's crew at SpyCloud are good guys who impersonate bad guys on the web. They craft criminal personas, often in cooperative efforts with law enforcement, that eventually gain them access to the blackest corners of the dark web. There they are privy to the hundreds of millions of pieces of PII (personally identifiable information) that are bought, sold, and traded every day. That accumulated knowledge is parsed, organized, correlated, and analyzed for the benefit of SpyCloud customers, who are immediately notified of compromised records so they can reset exposed passwords.

SpyCloud claims the world's most comprehensive repository of stolen credentials and identifying information. It's the same data that the bad guys are using — but cleaned up, decrypted, and normalized to SpyCloud's constantly growing private database. It includes the source of each record and the actual breached password. More than 90% of the passwords were stored in unencrypted files.

After a successful hack, criminals quickly sell or exploit the stolen data by accessing accounts and systems. If you're hacked, you are at high risk of account takeover (ATO) fraud. SpyCloud is designed to eliminate or at least reduce that risk.

Go to to check your exposure. After you enter and confirm your email address and set up a free account with password protection, SpyCloud will immediately report the compromises found while scouring the dark web. The "volunteer" at the above-mentioned Executive Roundtable watched in horror with more than 80 other technology executives as SpyCloud revealed hundreds of compromised email addresses within his firm's domain. This revelation prompted most everyone in the room to run the Check Your Exposure test. In the spirit of full disclosure, I've included a screenshot of the exposure report on my personal email and domain (see below). Ouch!

SpyCloud’s Check Your Exposure test results

SpyCloud's free Check Your Exposure service is proof positive that ignorance is not bliss! I guarantee you'll find you have exposed records.

SpyCloud also offers fraud investigation services, third-party risk management, and other specialized cybersecurity services. The company's website includes myriad white papers and details on its various service lines. Its competitors include BlueVoyant, Cybersecurity, F-Secure, IronNet, Kount, and Kyrus Tech.

P.S.: Quit reusing passwords!

Greg LaFollette, CPA/CITP, CGMA, is a strategic adviser with, the commercial subsidiary of the AICPA. To comment on this article or to suggest an idea for another article, contact Jeff Drew, a JofA senior editor, at or 919-402-4056.
