We monitor a vast range of sources, including: botnets, peer-to-peer networks, criminal and black market sites that sell credentials, repositories that post these publicly, forums, private networks, bulletin boards, chat rooms, malicious websites, blogs and social media sites.