From leaked passwords to a new kind of threat
While data breaches used to focus mainly on exposed passwords, a more serious risk is now taking centre stage. Infostealer malware infects personal or unmanaged devices and quietly collects passwords, browser sessions and authentication tokens. With that information, criminals can log in to corporate systems as if they were legitimate users, sometimes without needing a password at all.
This type of access is highly valuable on underground marketplaces. Stolen sessions often provide instant access to cloud tools, business applications, and internal platforms. By the time a security team notices suspicious activity, these sessions may already have been sold multiple times. Passguard tackles the problem where it starts: in the places where this access is traded.
From investigative work to a cybersecurity startup
The idea for Passguard began during the founders’ time at a private investigations bureau. While conducting pre-employment screenings and background checks, co-founders Tom Leijte and Sanno van der Graaf regularly used open-source intelligence and, when necessary, the dark web.
Over time, they noticed how much stolen access was circulating and how little organisations knew about it. At that moment, they saw infostealer malware spreading rapidly across personal devices that fall outside traditional security controls. That combination revealed a clear gap: companies were securing their internal systems, while the real danger was growing elsewhere.
This insight led to the founding of Passguard in 2021. The team built and maintains long-standing profiles inside multiple criminal communities, giving them direct visibility into which accounts, sessions and devices are being traded. Passguard then alerts its customers with clear, actionable information, allowing them to revoke access before attackers use it.
When we saw how much stolen access was circulating on the dark web, far beyond what organisations realised, that was the moment we understood how big this is and that we needed to act.” –
Tom Leijte, co-founder and CEO of Passguard
A blind spot for many organisations
Passguard primarily supports mid-sized and large companies, as well as managed service providers that protect their clients’ digital environments. Even organisations with strong cybersecurity processes still face infections on employees’ personal laptops and home computers. These compromised devices can give criminals everything they need to walk straight into corporate systems.
Other threat intelligence companies exist, but Passguard distinguishes itself by going directly to the source. Instead of buying stolen datasets from criminal marketplaces, which financially sustains the criminal ecosystem rather than undermining it, the company uses its own verified access to multiple underground forums. This provides more reliable insights and reduces dependence on criminal networks. Awareness remains one of the biggest challenges. Many companies still underestimate how common infostealer infections are or assume that multi-factor authentication alone will stop them.
We often do not compete with other companies, but with the lack of awareness that this risk exists at all.” –
Tom Leijte, co-founder and CEO of Passguard
YES!Delft and the road ahead
Passguard welcomed its first customer in March 2023. This year, the company has more than tripled its annual recurring revenue, secured an investment round and grown to a five-person team. The YES!Delft Accelerator program and Cyber Program played an essential role in this development. It helped the team refine their commercial strategy and connect with mentors who challenged their assumptions. One of those mentors, cybersecurity entrepreneur Pieter Jansen, later became an investor.
Our ambition is to become the leading European company in dark web data.” –
Tom Leijte, co-founder and CEO of Passguard
In the year ahead, Passguard aims to expand its customer base, deepen partnerships with managed service providers and prepare for an upcoming funding round. The long-term goal is clear: to build Europe’s most trusted source of dark web intelligence and give organisations the chance to stop cyberattacks long before they reach their systems.
Companies or investors interested in collaborating with Passguard are encouraged to contact Tom at tl@passguard.com.
