Simplicity Media Ltd (UK)

Of course! On top of our basic package, we can also provide the following extras;

Some clients choose to give us feedback on the IP addresses associated with stolen accounts, which is then made available to all our clients via the shared intelligence database. Clients can then opt for an extra service which alerts them to users associated to known abusive IPs/CIDRs.

Our intelligence database also collects information about known 'seedboxes', these are servers used for the sole purpose of stealing content, rendering it, and sharing it back to other users. Most often, users will download files directly from these seed boxes, otherwise the bandwidth/time is increased severely for the file sharer. Our system can alert you to these IPs addresses, so you can take necessary action to stop them downloading.

We can also provide a risk assessment for each hit (if provided by the originating intelligence report), which can aid in preventing chargebacks.

If you are generating lots of warnings, you may opt to have us automatically send your users a warning email, and reset their password, every time a stolen user/pass is found on your database. Please note, this feature is a custom/bespoke requirement, and would need to be assessed by our engineers to ensure your systems are compatible (most are - even non standard ones).

Our company is predominately a software house, so if you require a particular service, please don't be afraid to ask!

BlueProtect is a unique subscription based service which provides intelligence on stolen user information, helping you fight back against fraudsters, lost sales, and content theft.

Our database contains tens of millions of user/pass combos, updated on an hourly basis, collected from thousands of online services (such as hidden forums, chat rooms etc). We also have agreements in place with other companies for them to share their intelligence with us on an anonymous, mutual basis.

BlueProtect does not require any code modifications, and can usually be set up within 24 hours. Our team doesn't even need direct access to your servers, we provide you with a small (un-encrypted) script which your technical team can install themselves.

The first part is called 'Automate'. This crawls the most high profile/well known sites without being detected. This information is automatically fed into the intelligence database, then pushed out to all our clients.

The second part is called 'Feedback'. This is used by some of our high profile clients who have dedicated teams to use the agent themselves for checking their own intelligence. Whenever they submit a bulk combo of users/passwords to the agent, this information is then sent to our database, and pushed out to all our clients.

Our database does *NOT* collect or store any of your private information, and all queries to your database are audited by your own server, so you can see exactly what is happening.

We currently have around 1-2 million new user/pass combos being added to our database every week (on average). Our entire business model relies on contributors remaining anonymous, so for this reason, we cannot disclose who/what our sources are.

Here are some of the most frequently questions we are asked;

All code is fully open, and unencrypted, so your developers can validate the code for themselves to ensure there are no nasties.

No. Our system will only tell us how many user/pass combos were valid, it will not give us any further information.

This is a common misconception. It is common place for rival companies to share information which is mutually beneficial to all parties (take credit card processors for example).

Our systems have been tested with NATS, CARMA & BetterCGI StrongBox. However, our agent script can be modified quickly/easily by our engineers to work with any system. The minimum requirement is that you must have either PHP or Python installed on your server.

Apart from the initial assessment (which takes around 30 minutes), the actual deployment of the script is a matter of minutes. The usual turn around 28 days from enquiry.

No. Although it is easier for us to do it, our engineers can guide your developers through the set up procedure if you are unhappy about giving out SSH access.

Yes. We offer a range of bespoke solutions to aid in abuse & fraud detection. For more information, please contact us with your requirements.

For privacy reasons - we never disclose which companies are using this product (see earlier notes), however we are able to provide anonymous statistics.