The Marlowe Family
Primary residence in Westchester, NY. Lake house in Vermont. Four family members. Seven monitored devices per location. This report covers all of it.
What we found in the first five days.
Four credential pairs associated with family email addresses appear in dark web breach compilations. The oldest dates to a 2019 retail data breach; the most recent surfaced in a credential stuffing list published in January of this year. Two of those credentials — belonging to the adult accounts — were still active and unchanged at the time of this assessment. One matched the password used on a financial services account. We have flagged these for immediate rotation.
The Westchester router is running firmware from March 2022. The manufacturer released three security patches since then, including one that addressed a remote code execution vulnerability actively exploited in the wild in 2023. The router's remote administration interface was enabled and reachable from the open internet. We have documented the remediation steps and will walk through them on our first coordination call. The Vermont router is current.
The two children each have gaming platform accounts — one on Steam, one on a console network — using passwords that match variants of a pattern shared with other household accounts. Neither account had two-factor authentication enabled. The executive's LinkedIn profile, which is set to public, contains travel history inferred from conference tags and employer endorsements dating back four years. That information is sufficient to construct a detailed schedule pattern — the kind of information a targeted phishing or physical security attacker would find useful. We will address the LinkedIn privacy settings as part of the identity layer review.
Who and what we're watching.
| Member | Profile | Status |
|---|---|---|
| Adult 1 | Executive, frequent traveler, corporate email + personal accounts | Active |
| Adult 2 | Self-employed consultant, operates home office, client data on device | Active |
| Child 1 (16) | High school student, gaming accounts, social media | Active |
| Child 2 (12) | Middle school student, tablet-primary, school accounts | Active |

| Device | Owner | Coverage |
|---|---|---|
| MacBook Pro (work) | Adult 1 | Enrolled |
| iPhone 15 | Adult 1 | Enrolled |
| MacBook Air | Adult 2 | Enrolled |
| iPhone 14 | Adult 2 | Enrolled |
| Gaming PC | Child 1 | Enrolled |
| iPad Pro | Child 2 | Enrolled |
| Home network (router + 4 nodes) | Shared | Needs patch |

| Category | Accounts | Monitoring |
|---|---|---|
| Financial | 4 (banking, brokerage, 401k, HSA) | Dark web alerts |
| Email (primary) | 3 Gmail, 1 corporate | Breach monitoring |
| Social | LinkedIn, Instagram, Facebook | Privacy audit done |
| Gaming / Entertainment | Steam, PSN, Netflix | 2FA needed |
| School portals | 2 (district SSO) | Under review |
What happens next, and who owns it.
Two credentials are still active and unchanged. We will provide new password requirements, assist with rotation on the financial services account, and verify that no other accounts share the compromised pattern.
The Westchester router has missed three firmware updates, including a patch for an actively exploited vulnerability, and its remote administration interface is exposed to the internet. We walk through this on the first call; estimated time to resolve is 20 minutes.
Steam and PSN both support authenticator apps. Neither account has 2FA active. We will send step-by-step instructions for each platform and confirm completion at next check-in.
The executive's public LinkedIn profile exposes conference attendance, endorsements, and a four-year travel pattern. We will provide a specific configuration checklist. The profile remains functional for professional use; only the threat-relevant data gets locked down.
Children's gaming passwords share structural patterns with adult financial accounts. Full password hygiene review to be completed in week two, with a household password manager configuration included in the Family Plan.
The Vermont router is current. Devices used at the lake house are shared with the primary residence and already enrolled. We will confirm the guest network is isolated and that no IoT devices (smart TV, thermostats) are on the primary VLAN.
District SSO is active but we have not yet reviewed what third-party apps the school has connected to the account. Standard check at quarterly review unless a concern surfaces sooner.
What we do, and when.
- Dark web scan for new credential exposures across all enrolled email addresses
- Review of device patch status — any unapplied updates flagged for your attention
- Check for new devices connecting to household networks
- Brief written summary emailed to both adults — what changed, what we did, what to know
- Full coverage review: add new devices, remove departed household members, update account inventory
- Social media and public profile audit — exposure that has accumulated since last review
- 30-minute call to walk through findings, adjust priorities, answer questions
- Updated score and written report delivered at the same time each quarter
- Incident response: if you receive a suspicious message, experience unusual account activity, or believe you have been compromised — email us and expect a response within two hours
- Life event coverage: new job, new device, move, or any significant change that affects your threat surface
- Child-specific issues: a new platform, a concerning interaction, or a school data incident
What each of us is watching for this household.
The Westchester router is the first thing I want fixed. An exposed remote administration interface on a three-year-old firmware is not a theoretical risk — it is an open door. Once that is closed and the firmware is current, I will turn my attention to the Vermont property's IoT layer. Smart home devices on a shared network are a lateral movement problem waiting to happen.
Four breached credentials is not an anomaly — it is the baseline for any household that has been online since 2015. What concerns me is the reuse pattern: one of those credentials tied to a financial account suggests that the credential hygiene review needs to happen in parallel with the breach rotation, not after. I am also flagging the LinkedIn exposure. Four years of public conference data builds a better travel calendar than most executives maintain for themselves.
This household has two adults with meaningful professional exposure — an executive whose schedule is partially public, and a consultant who holds client data on a personal device. That combination raises the stakes on everything else in this report. The immediate priorities are right. But the medium-term work is making sure the lake house does not become the soft target. Secondary properties are consistently under-protected relative to primary residences, and attackers know it.
Plain-language definitions.
This is what we build for your family.
Not a generic report. Not a scan result. A working document tailored to your household — its people, its devices, its actual exposure. Updated quarterly. Backed by a team watching continuously.