Leaked credentials affect the largest 1,000 organizations worldwide
Data breaches have become the norm in recent years with 2014 earning the nickname the "year of the data breach" and 2015 being known as the "year of the breach". So far in 2016, even more data breaches have been made public, including LinkedIn, MySpace and Dropbox and we will likely see more before the year comes to a close.
For companies, being the victim of a breach is unnerving enough, but there also implications to their reputation, brand and finances. However, breaches also have an indirect impact on organizations and some end up facing the "collateral damage" of such an attack for some time after the initial breach.
Employees that reuse corporate emails and passwords put their organization at risk following a breach by the lack of security that stems from using credentials that have been compromised. A new report has found that amongst the largest 1,000 organizations worldwide, there are over five million leaked credentials on the web that could be used by attackers to gain access to sites or even launch new attacks.
A great deal of these credentials come from the LinkedIn and Adobe breaches as both of these companies offered services that many employees would sign up for using their work emails. Another more surprising source of leaked corporate credentials comes from MySpace, which should be somewhat worrying for organizations. Gaming sites and dating sites also had an impact on organizations with over 2,000 leaked credentials coming from the Ashley Madison breach alone.
It should be as simple as making employees reset their passwords for these organizations, but unfortunately it is not as password resets can often cause a great deal of unrest at many companies. This is why IT departments first need to figure out whether the information stolen from a breach is unique, re-posted, or outdated information. Ten percent of the five million leaked credentials in the report were actually duplicates which can cause even more confusion for an organization that has suffered a breach.
In order for organizations to prepare themselves for the inevitable data breach they need to first understand the impact of a breach and what they can do to prepare their employees and business for credential compromise.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.