Since that happened to one of my customers (working in IT company), an independent “researcher” saw the affected company credentials to our software (log in name + password) available on a website in the darknet.
Then researcher reached out to the company and reported it for a fee, then the company worked to fix the problem.
The company actually paid for it, because our software has direct admin access to deploy scripts & software to end user devices in the fleet. This is one of worst case scenarios and definitely worth every $ to pay to see who’s credentials got stolen and attempting to fix the issue before the actual malicious hack happens.