Catch credential exposure before it becomes account takeover.

Built for IT, security and risk teams that need to monitor employee and customer account exposure — then act quickly with clear next steps.

Daily monitoring. Prioritized remediation workflows. Audit-ready reporting for POPIA and cyber insurance due diligence.

For internal teams and MSPsEmployee + customer credential exposureActionable over alert-noise

FreeDark Web Exposure Scan

Enter your work email to see if your company’s data has been exposed and get a quick risk overview.

• Instant result for personal exposure
• Domain-level risk signal for your business
• No obligation — use it to benchmark your current risk

We use this email to run the scan and show your result. No credit card required.

Choose your next step: run the free scan above for an instant risk snapshot, or book a walkthrough for team rollout planning.

Book walkthrough

Prefer a guided setup for your team?

Book walkthrough

Need a quick overview first? Download brochure.

Why it mattersDark web exposure is a business risk.

Stolen credentials are traded daily. Even when your systems were not directly breached, leaked logins can still be used to access your environment and customer portals.

BreachID gives you early visibility plus a response path, so you can act before attackers do — reducing account takeover risk, operational disruption, and reputational damage.

Outcomes teams care about

Find exposed credentials early
Prioritize what matters with source context
Respond quickly with clear remediation steps
Demonstrate due diligence to auditors and insurers

Built for security operations

BreachID gives security and risk teams a shared operating picture: what is exposed, what matters first, and what has been resolved.

Dark dashboard heatmap showing credential exposure by business unit and risk level

Exposure heatmap

A live view of affected users and domains so your team can spot concentration risk quickly.

Dark UI workflow board showing remediation tasks in triage, in progress and resolved states

Remediation workflow

Action queues with ownership and status tracking to move findings from detection to closure.

Dark analytics card with trend lines and compliance status metrics

Executive reporting

Board-friendly snapshots for POPIA alignment, insurer evidence and response metrics.

Threat intelligence panel with source labels and confidence indicators

Source intelligence

Context on likely exposure origin and infection indicators to support incident investigation.

Security panel highlighting leaked customer credentials associated with a portal

Customer account protection

Identify leaked customer credentials linked to your platform before takeover attempts escalate.

Compliance, insurance and executive reporting.

Insurers and regulators increasingly expect evidence that you can detect, prioritize and remediate credential exposure risk.

BreachID supports this with audit-ready reports, risk visibility and an operational response model teams can execute quickly.

Why choose BreachID over generic threat feeds?

Built for action, not noise
Customer credential exposure, not only internal accounts
POPIA-forward positioning for South African organisations
Reporting for both security teams and executives

POPIAProtection of Personal Information Act
GDPRGeneral Data Protection Regulation
CCPACalifornia Consumer Privacy Act
HIPAAHealth Insurance Portability and Accountability Act

Platform capabilities

BreachID is an operational response layer that closes the loop from detection to remediation — not just another alert feed.

Credential Exposure Monitoring
Continuously detects exposed employee and business credentials linked to your domains, then routes findings into action-ready queues.
Customer Credential Exposure
Detects leaked credentials used by customers on your platform to reduce account takeover risk.
Source & Infection Context
Adds context to findings so teams can triage quickly and investigate likely exposure paths.
Alerting & Workflow
Supports operational response with clear actions your team can execute immediately.
Compliance & Insurance Reporting
Provides audit-ready reporting for governance, POPIA alignment and cyber insurance evidence.

Proof over promises.

Already ran the free scan? Next step is a focused walkthrough to map your monitored scope, response workflow and reporting needs.

Clear ownership

Track who is assigned to each remediation action and what still needs closure.

Progress visibility

See exposure trends and response movement over time in one operating view.

Audit-ready evidence

Export reports your governance team can use for POPIA and insurer discussions.

Book a BreachID walkthroughNo obligation — we’ll align on fit, rollout effort, and practical next steps.

Choose the right plan for your risk profileBreachID plans

All plans include the same detection-and-response foundation. As you move up, you increase monitored scope, reporting depth and support.

Spark
Small teams getting started with proactive monitoring
R1,495
Billed monthly (incl. VAT)
- •50 Breached Emails
- •2 Domains
- •Daily monitoring + alerts
Start with Spark
Beacon
Growing businesses managing multiple domains
R4,830
Billed monthly (incl. VAT)
- •200 Breached Emails
- •5 Domains
- •PDF reporting + support desk
Upgrade to Beacon
Lumen
Enterprise teams with customer portals and high login volume
R8,050
Billed monthly (incl. VAT)
- •500 Breached Emails
- •10 Domains
- •Investigation support + telephonic assistance
Go with Lumen

Every plan includes

✓Daily dark web scans of your domains
✓Employee and customer credential exposure detection
✓Alerts on newly discovered breach records
✓Operational remediation workflow tracking
✓Report export and scheduled reporting
✓Compliance and cyber-insurance readiness support

Need something tailored?

If your scope exceeds these tiers, contact us for a custom enterprise package.

Frequently Asked Questions

Most security tools focus on activity inside your environment. BreachID focuses on exposed credentials and dark web signals that often appear before account compromise, then structures response actions your team can execute quickly.
It helps teams move from detection to remediation with less noise and clearer ownership.
BreachID scans daily across all plans and alerts on newly discovered exposure records tied to your monitored scope.
A Breached Email is one unique email address found in one or more breach records. Repeated exposure of the same address still counts as one unique breached email for licensing.
Yes. BreachID includes Customer Credential Exposure to help identify leaked credentials your customers use on your platform, even when the leak originated elsewhere.
No. BreachID does not store full clear-text passwords. It minimizes sensitive retention while still enabling validation and remediation workflows.
BreachID provides audit-ready evidence and reporting that demonstrates continuous monitoring and response capability for governance, POPIA-aligned controls and insurer due diligence.
Immediately enforce password resets, revoke risky sessions, verify MFA posture, and investigate the source context. BreachID gives you the evidence trail and workflow context to coordinate this response quickly.
You can move to a higher tier or a custom package to increase monitored domains and breached-email capacity while keeping historical visibility and reporting continuity.

Competitor matrix

High-level positioning view for buyer conversations. This comparison emphasizes operational response, remediation workflow, and reporting value rather than broad CTI parity claims.

Vendor	Core Focus	Employee Exposure	Customer Exposure	Remediation Workflow	Compliance / Executive Reporting
BreachID	Operational credential exposure response layer	Strong	Strong	Strong	Strong
Constella	Identity intelligence	Strong	Medium	Light	Light
Flare	External threat exposure + CTI	Medium	Light	Medium	Light
SOCRadar / Cyble	Broad CTI + exposure monitoring	Medium	Light	Light	Light
Serus.ai	Brand / external threat visibility	Light	Light	Medium	Medium

BreachID

Recommended fit

Core Focus: Operational credential exposure response layer
Employee Exposure: Strong
Customer Exposure: Strong
Remediation Workflow: Strong
Compliance / Executive Reporting: Strong

Constella

Core Focus: Identity intelligence
Employee Exposure: Strong
Customer Exposure: Medium
Remediation Workflow: Light
Compliance / Executive Reporting: Light

Flare

Core Focus: External threat exposure + CTI
Employee Exposure: Medium
Customer Exposure: Light
Remediation Workflow: Medium
Compliance / Executive Reporting: Light

SOCRadar / Cyble

Core Focus: Broad CTI + exposure monitoring
Employee Exposure: Medium
Customer Exposure: Light
Remediation Workflow: Light
Compliance / Executive Reporting: Light

Serus.ai

Core Focus: Brand / external threat visibility
Employee Exposure: Light
Customer Exposure: Light
Remediation Workflow: Medium
Compliance / Executive Reporting: Medium

Let's Start a Conversation

We'd love to hear from you! Whether you have a question, need a bit of guidance, or just want to learn more about our services, our team is here and happy to help.

Feel free to reach out using the contact details below, or use our full enquiry form for faster triage.

Get in Touch

Talk to Sales

+27 10 593 0601

sales@tph.io

Need product support?

Support Portal

Penetration Testing

Security Consulting

Managed Security Services