In some implementations, systems and methods for detecting leaked credentials in a request for a network resource are provided. A request to access a resource on a network is analyzed to determine if the request was transmitted using an unsecured protocol, and if so, determine whether the request includes authentication credentials. If the request includes authentication credentials, the authentication credentials are authenticated and in response to determining that the authentication credentials are authentic, the authentication credentials are disabled. One or more notifications may be transmitted to an owner of the disabled authentication credentials.