Consumer Records

Consumer Records represent credential exposures that do not belong to the organization’s corporate domain. For example, when monitoring acme.com, any leaked account that is not in the format <user>@acme.com is classified as a Consumer Record.

This includes:

• Personal email addresses (e.g., Gmail, Yahoo, Outlook) used by employees or third-party users

• Accounts identified only by usernames with no associated corporate email

• Credentials originating from infostealer infections or breached platforms where users signed up using non-corporate identities

By separating Consumer Records from corporate-domain leaks, Whiteintel enables organizations to clearly identify direct corporate exposures while still assessing potential risks such as password reuse, supply-chain access, and lateral movement.