
Explainable Platform Risk Scoring for Post-Compromise Analysis of Credential Leaks from Telegram
Holilah, Dewi
Syntax Literate Jurnal Ilmiah Indonesia
Publisher: Syntax Corporation

DOI: 10.36418/syntax-literate.v11i2.63770

Abstract

Credential leaks pose a major threat to cybersecurity because they often lead to follow-up attacks such as credential stuffing and account takeovers. Beyond dark web forums, Telegram has emerged as a prominent platform for the open distribution of leaked credentials. However, existing studies largely focus on descriptive analysis or threat detection, providing limited support for transparent and measurable post-compromise risk assessment. This study proposes an Explainable Platform Risk Scoring (XPRS) framework to support post-compromise decision-making in Cyber Threat Intelligence (CTI). Credential leak data are collected from public Telegram channels and processed through preprocessing stages to mitigate duplication and remove irrelevant records. Technical vulnerability is quantified using Shannon entropy, while platform risk is estimated by integrating platform impact and leak characteristics. Explainable Artificial Intelligence (XAI) employs SHapley Additive exPlanations (SHAP) to clarify risk indicators. The evaluation utilizes rank-based statistical analysis to examine the correlation between platform frequency and associated risk scores. The results indicate that XPRS consistently generates and interprets platform-level risk prioritization, offering practical support for transparent cybersecurity in post-compromise contexts. The findings demonstrate that the frequency of leaks is not the primary determinant of risk; instead, platforms in critical sectors such as Identity & Access Management (IAM), government, and financial services consistently exhibit the highest risk scores despite lower leak volumes. This underscores that systemic impact and credential quality are more significant in post-compromise risk assessment than the sheer quantity of leaks.