Internet Secure Services Co., Ltd. (Location: Minato-ku, Tokyo, Representative: Toshifumi Tokuda, hereinafter referred to as ISS), a cybersecurity specialist company, has officially announced its "Credential Information Leakage Investigation Service (Abbreviation: Kuremore)" as a standard service. This service aims to support preventative measures by regularly investigating and reporting credential leakage on behalf of clients, thereby avoiding security incidents and damages caused by their misuse.

Many of the threats currently prevalent in the market, such as ransomware attacks and business email compromise (BEC), are triggered by attacks using leaked credentials like email addresses and passwords. Once credentials are leaked, they can be bought and sold on the underground market, increasing the risk of widespread misuse. ISS utilizes "Have I Been Pwned®" (HIBP), a globally renowned tool for investigating credential leaks, to regularly investigate and report on behalf of clients whether employee email addresses and passwords have been leaked. By conducting investigations on a domain-by-domain basis in a comprehensive and exhaustive manner, the service includes email addresses that are easily overlooked or mismanaged, such as those of former employees.

ISS's "Credential Information Leakage Investigation Service (Abbreviation: Kuremore)" is an adaptation of HIBP for corporate use, designed to be an easy-to-use service for everyone. The service is priced very affordably, aiming to be accessible to all organizational administrators and to contribute to preventing incidents before they occur.

- Pricing: The following is as of June 2026.

- Service Introduction and Quote Request Page → Credential Information Leakage Investigation Service

<Features>

Support for Corporate Use

When using the credential leakage investigation tool HIBP (Have I Been Pwned) for corporate purposes, actual operation requires addressing the following issues, such as workload and the risk of investigation omissions:

Normally, each email address, which serves as an ID, needs to be entered individually each time. Therefore, if there are 100 email addresses, 100 separate input operations are required.

Furthermore, only the entered email addresses are subject to investigation, creating a risk of omissions for addresses of former employees or shared addresses not belonging to individuals.

To address these issues, ISS has developed a system that links its proprietary tools with the HIBP platform, enabling batch investigations by domain name (the characters after '@'). This allows for the investigation of all email addresses belonging to the same domain in a single operation, comprehensively and exhaustively covering addresses of former employees prone to misuse and shared addresses easily missed in management, thereby eliminating risks.

<Problems Solved>

Analysis of Vast Amounts of Information

For clients who have not been investigating credential leakage, Kuremore is expected to provide the following benefits:

Determine if their organization's credentials, such as email addresses and passwords, were included in past information leakage incidents.

If credentials were leaked, understand when and where the leakage occurred.

ISS provides leakage information in a list format such as CSV, which can be utilized for SOC monitoring, SIEM analysis, and other security operations.

It is important to note that not all leaks are listed on HIBP, so "not listed does not mean safe." However, Kuremore, by using HIBP, can bring the response to "potential leakage" issues closer to factual basis with low cost, low risk, and in a short time, serving as a valuable and concrete countermeasure.

<Operational Image After Using Kuremore>

Based on reports from ISS, sending internal company emails with content such as the following can serve as a strong preventative measure against security breaches due to leaked credentials, while also significantly enhancing employee security awareness:

Credential Information Leakage Investigation Service (Abbreviation: Kuremore)

Service Start Date: Currently available as of June 2026

Service Overview: A service that investigates whether credentials such as email addresses and passwords have been leaked and notifies clients upon discovery of a leak.

Service Price: Standard Plan ¥30,000/month/domain, Lite Plan ¥10,000/month/domain (excluding tax, prices as of June 2026)

Service Introduction Page: Credential Information Leakage Investigation Service

※ Credentials: https://e-words.jp/w/クレデンシャル.html ("IT Terminology Dictionary e-Words")

※ Have I Been Pwned® is a registered trademark of Superlative Enterprises Pty Ltd.

About Internet Secure Services Co., Ltd. Based on extensive experience and technical expertise in security incident response, Internet Secure Services Co., Ltd. continues to support business continuity for its clients with comprehensive services ranging from prevention to response. With this as its mission, the company engages in its work with the desire to "support those involved in incident response."

【Company Profile】

Company Name: Internet Secure Services Co., Ltd. (Abbreviation: ISSKK)

Location: 13F, H1O Hamamatsucho, 1-2-14 Shiba-Daimon, Minato-ku, Tokyo 105-0012 Representative: Toshifumi Tokuda

Establishment: October 1, 2021

Main Business:

Security Incident Response Business

Vulnerability Assessment / Threat Intelligence Business

Escalation Center Service Business

Personnel Training / Consulting Business

Company HP: http://www.isskk.co.jp Contact for inquiries regarding products and services: info@isskk.co.jp

FACT BOX

  • Source: PR TIMES
  • Category: New Service
  • Organizations: Superlative Enterprises Pty Ltd.