Attackers used a hacked LinkedIn profile to obtain an employee's ID and home address, which was enough to nearly bypass help desk security.
Automated scanning of public data sources, breach databases, and social platforms to detect exposed employee PII (names, employee IDs, addresses, org charts). Alerts security teams and recommends remediation like rotating employee IDs or updating verification procedures.
Subscription tiered by employee count.
The Reddit post with 843 upvotes describes a near-miss social engineering attack using publicly available employee data. This is a top-of-mind pain for CISOs. Social engineering is now the #1 initial access vector. The MGM/Caesars attacks in 2023 (help desk pretexting) caused hundreds of millions in damages. This is keep-your-job-level pain for security leaders.
Every enterprise with 500+ employees is a potential customer. Mid-market is underserved. TAM for the broader DRPS category is $4-6B by 2028. The specific employee exposure niche is $500M-$1B and growing fast. Enterprise security budgets are expanding even during downturns.
Existing competitors charge $25K-$100K+/year and are growing. Post-MGM/Caesars, boards are asking CISOs specifically about social engineering defenses. Compliance requirements (SOC2, NIST) increasingly mandate exposure monitoring. Security teams have budget and are actively seeking solutions in this category.
This is the hard part. Data acquisition is the moat and the bottleneck. Breach database access requires darknet relationships or data partnerships that take years to build. LinkedIn scraping violates ToS and is actively blocked. Data broker APIs exist but are expensive. A solo dev can build the alerting/dashboard MVP in 4-8 weeks, but the DATA PIPELINE is the real product and that is extremely hard to bootstrap alone. You would likely need to integrate existing APIs (HIBP, Dehashed, Hudson Rock, data broker feeds) rather than building your own collection.
Clear gap exists: no product unifies breach data + social media OSINT + data broker exposure + org chart leakage into a single social engineering risk view. Competitors are siloed by data source. None simulate how an attacker would use exposed data for pretexting. Mid-market pricing ($5K-$15K/year) is a desert. However, the incumbents could add these features, and data access is a barrier to entry.
Natural subscription model. New breaches happen daily. Employees join and leave. Social media changes constantly. Data broker listings regenerate after removal. Continuous monitoring is inherently recurring. Existing competitors all use subscription models successfully. Low churn once embedded in security workflows.
- +Validated acute pain point — social engineering via exposed PII is the #1 attack vector and responsible for headline breaches (MGM, Caesars, the Reddit incident)
- +Clear gap in market — no product unifies breach + social media + data broker exposure into a social engineering risk score
- +Strong willingness to pay — CISOs have budget and board pressure to solve this specific problem
- +Natural recurring revenue — continuous monitoring with daily new exposure data
- +Mid-market pricing gap — opportunity to undercut $25K+ enterprise tools at $5K-$15K/year
- !Data acquisition is brutally hard for a solo founder — breach databases, LinkedIn scraping, and data broker feeds require partnerships, legal navigation, and significant cost
- !Legal minefield — scraping LinkedIn violates ToS, handling breach data has GDPR/privacy implications, data broker regulations vary by jurisdiction
- !Incumbents (SpyCloud, Flare) could add social engineering risk scoring features faster than you can build data pipelines
- !Enterprise sales cycles are 3-6 months with procurement, security reviews, and compliance requirements — cash flow challenge for a bootstrapped founder
- !Data freshness and accuracy are table stakes — false positives erode trust fast with security teams
Recaptures stolen credentials and PII from darknet sources and infostealer malware logs. Focuses on account takeover prevention with automated remediation workflows like forced password resets.
Threat Exposure Management platform monitoring clear web, dark web, and Telegram channels for leaked credentials, documents, and source code. Modern UI with fast onboarding.
Identity threat intelligence platform that builds identity graphs connecting exposed data points across multiple breaches. Offers employee protection, executive/VIP monitoring, and fraud prevention.
Cybercrime intelligence from infostealer malware.
Digital risk protection covering social media, deep/dark web, and email. Stronger on social media monitoring and brand protection than pure credential monitoring.
Aggregate-and-alert MVP using existing APIs (HIBP, Dehashed API, data broker APIs like BeenVerified/Spokeo commercial feeds) rather than building your own data collection. Upload employee roster CSV, scan across 3-4 data sources, generate a per-employee exposure report showing what an attacker could find. Include a 'social engineering attack scenario' for each high-risk employee showing how exposed data could be weaponized for pretexting. Ship as a one-time scan first (lower friction), then upsell to continuous monitoring.
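The core of the aggregate-and-alert MVP described above (roster in, per-employee exposure report out), as an added illustration that is not code from the original page or from any of the named vendors. The roster CSV and the exposure records are constructed; a real pipeline would populate the records from the HIBP, Dehashed or data broker APIs, and the help desk verification checklist is an assumption.

```python
import csv
import io
from collections import defaultdict

# Assumed help desk identity checklist: if every field here is publicly
# exposed, the employee can be impersonated at the help desk.
VERIFICATION_FIELDS = {"full_name", "employee_id", "home_address"}

# Constructed roster CSV, as a customer would upload it.
ROSTER_CSV = """email,full_name,employee_id,home_address
a.ng@example.com,Alice Ng,E-10492,12 Birch Lane
b.ortiz@example.com,Bruno Ortiz,E-10777,9 Harbor Rd
c.park@example.com,Cleo Park,E-10811,44 Elm St
"""

# Constructed exposure records: (source, email, roster field the source revealed).
EXPOSURES = [
    ("breach_db", "a.ng@example.com", "full_name"),
    ("breach_db", "a.ng@example.com", "employee_id"),
    ("data_broker", "a.ng@example.com", "home_address"),
    ("social_media", "b.ortiz@example.com", "full_name"),
    ("breach_db", "c.park@example.com", "employee_id"),
]


def load_roster(text):
    """Index the uploaded roster by email address."""
    return {row["email"]: row for row in csv.DictReader(io.StringIO(text))}


def exposed_fields(exposures):
    """Map each email to the set of roster fields found in public sources."""
    found = defaultdict(set)
    for _source, email, field in exposures:
        found[email].add(field)
    return found


def exposure_report(roster_text, exposures, checklist=VERIFICATION_FIELDS):
    """Per employee: exposed fields, whether the checklist is fully covered
    (help desk bypass risk), and the remediation the alert should recommend."""
    roster = load_roster(roster_text)
    found = exposed_fields(exposures)
    report = {}
    for email, row in roster.items():
        exposed = found.get(email, set()) & set(row)  # only fields we hold
        covered = checklist <= exposed
        actions = []
        if "employee_id" in exposed:
            actions.append("rotate employee ID")
        if covered:
            actions.append("require out-of-band verification for this employee")
        report[email] = {"exposed": sorted(exposed), "bypass_risk": covered, "actions": actions}
    return report
```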
Free single-employee scan (lead gen) -> One-time company scan report $500-$2K -> Continuous monitoring subscription $5K-$15K/year by employee count -> Enterprise tier with SIEM integration, automated remediation, and executive protection $25K+ -> Upsell data broker removal service as add-on
8-12 weeks to first paying customer IF you start with one-time scan reports sold to mid-market security teams. 6-9 months to meaningful recurring revenue ($10K+ MRR). Enterprise sales cycles will add 3-6 months. Fastest path: sell one-time exposure audits to security consultants and MSSPs who resell to their clients.
- “his LinkedIn had been hacked a few years ago and that was probably how the attacker was able to provide his employee ID and address”
- “He introduced himself with his name, employee ID, and home address so I got a false sense of security”