Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

It’s Time to Take Stolen Email Credentials Seriously!

March 03, 2017

Are you concerned about hackers stealing your organization’s email credentials and accessing your organizations PII or confidential information? If you’re not, you should be.

Even Mark Zuckerberg of Facebook fame isn’t immune from hackers. Yes, that’s right. Despite having billions of dollars and some of the best technology minds on the planet at his disposal, Mark Zuckerberg’s social media accounts were hacked. If Mark Zuckerberg isn’t safe, you can bet that your organization most certainly isn’t as well.

Case Study: Data Breach Using Stolen Passwords

In previous blog posts, we’ve discussed the LinkedIn hack where over 117 million email credentials were stolen. “What’s the big deal, why should I care that LinkedIn was hacked?” you might ask.

Here’s what the big deal is: let’s say one of your employees had their LinkedIn email and password stolen. They likely are using their organization issued email address to log in to LinkedIn. If they are like most people, there is a 75% chance that they are using the same, or a derivation of the same, password to access LinkedIn as they use to get into your organization’s system.

Frist, a semi-sophisticated hacker will try to exploit your systems directly by trying the LinkedIn credentials discovered. Often times, this will get them right into your network. If the LinkedIn password doesn’t work, hackers will “brute force” their way in by trying variations of the password to access your system.

PS: Click here to learn how Dark Web ID can help your organization stay secure.

Even if the hacker can’t get into your network directly with the stolen credentials, there are other tactics they can use to eventually gain access.  For example, the hacker will use the stolen LinkedIn credentials to exploit the compromised employee directly by installing malware on their personal devices.

Keyloggers and other forms of malware will allow a hacker to monitor the employee’s keystrokes and extract data/ credentials they can use to gain access into your networks. This essentially defeats the practice of changing passwords on a regular basis since it will be picked up each time its changed.

Once they’re in your system, your sensitive data (and your customer’s!) is ripe for the plucking.

What Can You Do to Prevent Data Breaches?

You will never be able to totally prevent the possibility of a data breach. Just ask Mark Zuckerberg. Perhaps a better question is, “What can I do to minimize the possibility of a data breach?” There are a few things you can and should do:

No matter what steps you take to prevent data breaches on your networks, it’s important to understand that you’re never 100% secure. You need multiple layers of defense.

Monitoring the Dark Web for Your Stolen Email Credentials

It’s helpful to understand what hackers do with the credentials they steal. Take the example of the LinkedIn hack. The hacker that offered all 117 million of the stolen credentials on the Dark Web ask for a paltry 5 bitcoins (approximately $2,900.)

It’s also helpful to know what the hackers know by monitoring the Dark Web to see if your organization’s stolen email credentials are offered for sale. The Dark Web is the non-indexed portion of the internet where cybercriminals operate black market bazaars to sell stolen information. A good threat intelligence tool is constantly monitoring the Dark Web for your stolen email credentials. A really good threat intelligence tool also monitors your supply chain’s credentials on the Dark Web.

If you respond quickly when your stolen email credentials are discovered, you can take remedial steps to limit damages arising from the breach.

It’s time to take stolen email credentials seriously! Our goal is to serve as 21st century Paul Revere’s to make businesses aware of the threat and help them prepare to fight it.

There’s a good chance that email credentials from your organization have been stolen. Would you like to find out? Schedule a Dark Web ID demo with us and we will show you if your credentials have been stolen.