Identity theft hit a record high in 2017, according to Javelin Strategy and Research — the year 16.7 million victims (up 8 percent from 15.4 million in 2016) incurred losses totaling $16.8 billion. One of the most common forms of fraud was account takeover, in which criminals use another person’s account information to buy products and services. It also tended to be the most difficult to resolve: On average, it took about 16 hours and $290 in out-of-pocket expenses.

SpyCloud, an Austin, Texas-based cybersecurity firm, aims to proactively stop those crimes before they happen with the help of sophisticated data analytics tools. It today announced that it raised $21 million in series B financing contributed by M12, Microsoft’s venture fund, with new investor Altos Ventures and existing investors Silverton Partners and March Capital Partners participating.

The round, which follows on the heels of a $5 million series A in March, brings SpyCloud’s total venture capital raised to $28.5 million. CEO Ted Ross said the fresh capital will be used to expand the company’s security research, sales, and marketing teams and to extend product development into “specific vertical markets,” as well as increase SpyCloud’s global footprint.

“Passwords and their reuse across personal and work accounts are the leading cause of ATO, one of the most imminent threats to businesses of all sizes,” Ross said. “As criminals use more complex, scalable methods to collect and weaponize compromised passwords, organizations need to take proactive measures to prevent, detect and remediate exposures.”

SpyCloud’s cloud-based solution — the brainchild of Ross, previously Walmart’s strategy architect and a team lead at HP Security Research, who cofounded SpyCloud in 2016 with former Avast director of product David Endler — takes a four-pronged approach to takeover mitigation: prevention, investigation, alerts, and enforcement.

It actively tracks domains and identifies places on the web where users’ credentials — i.e., email and password combinations — have been exposed, prompting those who have been affected by a breach or leak to reset their passwords. (Admins and team members receive alerts when credentials are exposed.) All the while, SpyCloud’s fully automated Active Directory component continuously compares newly stolen credentials to those of active employees, and optionally integrates an extra password check into existing workflows.

For customers looking to dive deeper, there’s SpyCloud’s Investigations product, which exposes the tactics and techniques adversaries used to commit fraud, and Maltego, a visualization tool that produces graphs for link analysis (i.e., finding relationships among usernames, passwords, IP addresses, geographic locations, phone numbers, financial information, email addresses, and more). Moreover, thanks to a robust set of APIs, SpyCloud enables strategic partners like CreditKarma and AlienVault to build monitoring and security solutions for third-party clients.

SpyCloud — which claims its repository of more than 32 billion decrypted, compromised credentials from proprietary sources is one of the largest in the world — says it has recovered 68 billion breach assets and over 500,000 C-level executive records, and that it recovers 6 million credentials per day and more than 50 breached datasets per week. Current customers include Cisco, Automatic, MailChimp, Zscaler, and “hundreds” of other enterprise organizations in verticals like networking, travel and hospitality, financial services, health care, retail, and higher education.

“SpyCloud is changing the way modern businesses identify and address cybercrime stemming from account takeovers,” Leo de Luna, managing director of M12, said in a statement. “We look forward to helping SpyCloud and its outstanding team accelerate protections for both its customers and their users from this fraudulent activity.”
