Advance Notice: Darknet Exposure Monitoring Update for Proactive Detection on Monday December 22

Please be advised that on Monday, December 22, 2025 (Start Time: 15:00 UTC / End Time: 17:00 UTC), Adlumin will be enhancing Darknet Exposure Monitoring to deliver earlier and broader detection of exposed credentials using newly discovered breach intelligence. As a result, some customers may see new or unexpected alerts as previously undetected credential exposures are identified. SOAR will be turned off by default, allowing partners and customers to choose when and how to enable it based on their specific needs and policies.

What Changed

Darknet Exposure Monitoring now evaluates customer user accounts against newly published credential exposure data from trusted breach intelligence sources.

When exposed credentials are identified, the system checks whether the affected account has changed its password since the exposure first appeared. Accounts that still match exposed or aging credentials are flagged as potentially at risk, enabling earlier intervention and risk reduction. This behavior is expected and reflects improved detection coverage, not a change in customer threat activity.

What To Expect

  • Increased or unexpected alerts when new breach data becomes available
  • Alerts represent potential exposure, not confirmed compromise
  • SOAR is disabled by default and must be enabled to activate response

SOAR Automation

SOAR automation for Darknet Exposure Monitoring is now disabled by default, and partners or customers have the option to enable it if desired.

Monitoring Only (Default, no SOAR actions required):

Alerts and tickets for exposed credentials can be received, enabling manual remediation in line with customer policies and service agreements.

Automated Response via SOAR (Action required):

Organizations that want Adlumin to automatically implement protective measures, such as enforcing password resets, can enable SOAR playbooks. This approach offers faster remediation but may result in short-term user disruption.

Recommended Actions

  • Review Darknet Exposure Monitoring settings across tenants
  • Confirm whether customers prefer alert-only or automated remediation
  • Align SOAR playbooks with customer identity and change-management policies

Why This Matters

Credential exposure remains one of the most common entry points for attackers. This enhancement enables earlier identification and management of credential risks, while allowing organizations to retain complete control over whether and how automated remediation is applied.
