Most organisations are aware of and are protecting themselves against the threat posed by an attacker gaining access to systems through the exploitation of security vulnerabilities within the organisation’s systems. However the potential threat that information unintentionally leaked and freely available over the internet can pose to an organisation.
This type of information gathering is frequently undetected as the attacker may never need to come into contact with the targets servers. In this paper we will review techniques and processes for discovering leaked information as well as providing a series of steps organisations can follow to limit their exposure to this kind of threat.