a man in a hoodie is shown with a login screen superimposed to represent passwords for sale on the Dark Web

by Kevin Lancaster

Why are your employee passwords for sale on the Dark Web, and what can you do about it? 

There are millions of passwords for sale on the Dark web, and that can harm your company even if they’re not directly stolen from you. Your employees’ login credentials can end up on the Dark Web in many ways that you may not be expecting through exposure in successful third-party phishing attacks and through design flaws if your staffers are choosing bad passwords.  

Watch our free webinar now to see what really goes on in Dark Web markets with two experts who will take you inside and get a free PowerPoint deck of authentic Dark Web screenshots!  

 A huge increase in phishing attacks since the start of the pandemic has led to even more passwords becoming compromised at large and small companies that you or your staffers could have a relationship with at work or at home. Combined with the prevalence of weak passwords that your staffers could be reusing at work as well as at home, your risk of compromise through a staffer’s password may be higher than you thought.

In our Password Education Package, we’ve included the whitepaper “Building Better Passwords” that details some of the ways that people create bad passwords. 

Here are a few scenarios that demonstrate how it can happen and how easily the passwords that your staff use at work can become compromised putting your company at risk: 

  • Your staffer feels like she has too many passwords to manage, so she iterates her passwords by using the name of her favorite baseball team and a different jersey number for each application she accesses at work and at home – making them easy for her to remember, but creating new vulnerabilities for you. Here are the most popular (and bad) crutches that users turn to when creating passwords.  
  • Your staffer has a few passwords that he favors and he uses them interchangeably for applications at work and home. Unfortunately, he falls for a phishing attack, and his Steam password gets stolen and exposed in a password dump. It’s the same password he uses for Office 365 at work, creating an unexpected vulnerability for you.  Learn about the dangers of Dark Web password dumps. 
  • Your staffer uses her administrator password to log in to ADP every day – and she also uses the same password for the Disney + account that she shares with her daughter. Not only does her daughter now have your ADP password, but she can also increase your risk of compromise by reusing the password or sharing it with someone else. See how one compromised password causes massive damage. 

In our Password Education Package, we’ve included the whitepaper “Building Better Passwords” that details some of the ways that people create bad passwords.

So, what can you do to mitigate your risk of compromise from a password that’s been reused? By combining two of our digital risk protection solutions, you can stake the sting out of reused or recycled passwords quickly and affordably.

  1. Dark Web ID  protects you from Dark Web threats by monitoring the Dark Web 24/7/365 using human and machine intelligence to alert you quickly if your company’s passwords, data, or other sensitive information hits the Dark Web so you can act quickly to stop a data breach before it happens. 
  2. BullPhish ID helps you train staffers to spot and stop phishing attacks with easy-to-use, frequently updated phishing training and testing kits and videos in 8 languages to ensure that they’re ready for the latest threats, bolstering your defenses against the number one cause of a cybersecurity breach – human error. 

Contact our experts today and let us help protect your systems and data from threats with our affordable digital risk protection platform to give you peace of mind about cybersecurity so that you can concentrate on your real business.