Insider Sept 11, 2025

Leaked HR creds fuel boutique data-broker listings

Credential theft targeting HR and talent acquisition teams is powering boutique data-broker storefronts offering verified employee dossiers. The leaks expand threat surfaces for insider recruitment, phishing, and data extortion campaigns across professional services firms.

What we're seeing

Sellers on BreachForums clones list “corporate dossiers” with HRIS exports, payroll data, and internal chat archives.
Credential harvesting stems from MFA fatigue and browser token theft via info-stealer malware.
Listings bundle verified recruiter inboxes that accelerate social engineering of executives and finance staff.

Impact assessment

Exposure of HR platforms gives adversaries the ability to map workforce hierarchies, identify privileged users, and source pretext material. Boutique brokers differentiate by curating records for high-value industries, making this trend a cross-over between insider recruitment and business email compromise operations.

Engage the Insider practice

Our Insider team specializes in counter-recruitment operations, exposure monitoring, and digital risk reduction. Reach out to align safeguards with the latest leak intelligence.

Schedule a briefing