ThaiCERT Digital Service
Credential Leak Management System
A service for organizations to manage, review, monitor, and assess risks from potentially leaked user account data, supporting appropriate prevention and response to cybersecurity threats.
Service Overview
User account data leak management service
A credential leak refers to user account information related to system access, such as usernames, passwords, or other login-related data, which may be misused for unauthorized access or further cyberattacks.
The Credential Leak Management System is a service that helps organizations manage and review information that may be related to their own systems in a structured manner. The service is designed with consideration for data security, appropriate access scope, and the use of findings to support risk reduction within the organization.
Service Capabilities
How this system supports organizations
This service supports organizations in managing and reviewing relevant information, assessing risks, and using the findings to strengthen cybersecurity prevention measures.
Identify information related to an organization
Support the review of potentially leaked user account data by referring to domains, keywords, or other information related to the organization for initial risk assessment.
Manage credential leak data systematically
Support the collection, organization, review, and management of user account leak information to help agencies work more efficiently and consistently.
Support risk assessment
Help agencies use detected information to assess risks, plan mitigation measures, and improve the security controls of user accounts and related systems.
Support appropriate response actions
Enable agencies to review relevant user accounts, reduce potential risks, and help prevent unauthorized access to organizational systems.
Security & Data Protection
Security and data protection
As the system involves sensitive cybersecurity-related information, the service design emphasizes access control, data security, and appropriate use of information.
Controlled Access
System usage is managed under appropriate access control and authorized scope.
Data Protection
The service emphasizes protection of user account data and other sensitive cybersecurity-related information.
Audit & Accountability
The service supports usage tracking and accountability to enhance transparency and security.
Risk-based Response
Agencies can use the information to support response actions based on the level of risk.
Request Access
How to request access
Organizations that wish to use the Credential Leak Management System may contact ThaiCERT to coordinate access request details and related procedures.
- Send an access request email Organizations that wish to request access to the system may send an email to ThaiCERT with basic information about the organization.
- Coordinate organization details Provide the organization name, contact person, contact channel, and intended scope of use for consideration.
- Proceed according to the required process ThaiCERT will coordinate further details regarding system usage guidelines and related procedures.
Data Handling Notice
Important notice on data usage
Information found through the system should be used only for internal review, risk assessment, and the organization’s preventive measures. User account data or sensitive information should not be disclosed publicly, and agencies should strictly follow their internal cybersecurity policies.
Credential Leak Management System
Credential leak management service for organizations
Organizations that wish to request access to the system may send an email to thaicert@ncsa.or.th