The easiest way into an organization is through its employees.
That’s because the security barrier that exists between an attacker and the company’s information assets is often something as simple as an employee’s security awareness.
The key to the organization and its assets is usually protected by a password that the employee can choose entirely himself, based on some fixed requirements such as special characters, upper/lower case letters and password length. The employee is expected to remember this password along with all other passwords.
The solution for many will be to reuse the same login details, username and password, in several places, and in the worst case, everywhere. It is then enough for a single site to leak user data such as passwords.
- Minimal action handling in case of leaked passwords
- Measures to minimize data breaches
- Alerts when any of your user data is included in a leak
There is a market for leaked passwords
On the internet today there are databases with user accounts and passwords that can be purchased at a relatively affordable price, roughly €0.2 per account. These login credentials come from websites and systems that have either accidentally leaked the credentials or simply been hacked.
The information in a leaked database often consists of a username or email, and a password. So, what if a user has the same username and password for all e-commerce stores, email accounts, websites and services? Exactly: it is enough for one of the services to suffer a leak for you to lose access and be exposed to data breaches on all sites that have the same password. Then it doesn’t matter at all if you have the world’s strongest password.
Do you want to know more?
Get in touch with us and we will help you get started with your monitoring.
Secify supports us in data protection issues and in our work with Data Privacy. In a trustworthy manner and with broad competence, Secify has contributed to our delivery.
Robert Ekvall, IT Security & Company Integration Lead
Some of our customers
How we do it
We want to monitor all company email accounts. We are adding coverage on @företaget.com and @företaget.se. We are also adding alarms to two employees in the IT department, martin@företaget.se and tommy@företaget.se.
Johan is in the finance department and has the email address johan.pettersson@företaget.se. He has a number of services that he uses daily. One of the services recently suffered a data breach where a large number of accounts and passwords were leaked. As many other companies have done before, this company chose to “put the lid on” and keep quiet about the leak instead of informing about it.
A few days after the attack, the entire database is put up for sale, including all passwords.
Our system matches the contents of the database and finds the @företaget.se account and sends an alarm to Martin and Tommy in IT.
The actions that Martin and Tommy now need to take are minimal. A simple check of the logs and a password reset will suffice. The workload for everyone involved is minimal, and no data has been leaked and no systems have been damaged. If the account had been exposed for a longer period of time and the system had been subjected to a real cyber attack, the outcome would have looked very different.
Briefly explained, our system monitors occurrences of email domains in password lists. We alert as soon as one of your employees’ e-mail addresses is included in a leaked database.
With our service, we can identify if/when your employees’ private company passwords become public, so you can manage this.
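The matching step described above can be sketched as follows. This is an added example, not Secify's code: the `email:password` dump layout, the function names and the sample lines are assumptions, and the sketch also covers internationalized domains such as företaget.se, which can appear in a dump in either Unicode or punycode form.

```python
import re

MONITORED = ["företaget.com", "företaget.se"]            # domains from the scenario above
ALERT_TO = ["martin@företaget.se", "tommy@företaget.se"]  # alert recipients from the scenario
# Assumed dump layout: local@domain followed by ':', ';' or '|' and the secret.
LINE_RE = re.compile(r"^\s*([^\s:;|@]+)@([^\s:;|@]+)[:;|](.*)$")

def norm_domain(domain):
    """Return the lower-case ASCII (punycode) form, or None if the name is invalid."""
    try:
        return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None

def is_monitored(domain, monitored):
    """Match the exact domain or a subdomain; 'notföretaget.se' must not match."""
    return any(domain == m or domain.endswith("." + m) for m in monitored)

def scan_dump(lines, monitored=MONITORED, source="constructed-sample"):
    """Return one alert per dump line whose address falls under a monitored domain."""
    watch = {norm_domain(m) for m in monitored}
    alerts = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a credential line in the assumed layout
        local, domain, secret = m.group(1), norm_domain(m.group(2)), m.group(3)
        if domain and is_monitored(domain, watch):
            alerts.append({
                "account": f"{local.lower()}@{domain}",
                "source": source,
                "line": lineno,
                "has_password": bool(secret.strip()),  # the secret itself is not copied
                "notify": ALERT_TO,
            })
    return alerts

def sample_dump():
    """Constructed sample lines; none of these are real credentials."""
    puny = norm_domain("företaget.se")
    return [
        "johan.pettersson@företaget.se:Sommar2023!",
        f"Johan.Pettersson@{puny.upper()};hunter2",   # same account, punycode and upper case
        "anna@mail.företaget.se:",                    # subdomain, no password present
        "eve@notföretaget.se:qwerty",                 # look-alike suffix, must be ignored
        "bob@example.org:letmein",
        "garbage line without separator",
    ]

if __name__ == "__main__":
    for alert in scan_dump(sample_dump()):
        print(alert)
```

Normalizing both the monitored list and every dump entry to punycode before comparing is what lets the Unicode and ASCII spellings of the same mailbox collapse into one account.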
The most important thing is not what is in the database right now, but what will be there tomorrow. Leaked information is most sensitive immediately after it is published or put up for sale. That is when it is important to have a tool and staff that can quickly identify, retrieve and analyze the content of new leaks and warn the account owners immediately when their information is leaked. We and our tool scan and analyze data from:
- Protected and semi-protected forums
- Tor network and i2p network
- File storage locations
- Dumped and leaked text files (pastebins)
- P2P networks
- Web directories
There are both free tools and other players on the market. Compared with the other players, it is the price that differs, and we have a good offer that stands up to comparison. Compared with the free tools, the difference is above all how quickly the leaks are found. Since the free tools only use the content of public leaks, it can take months before the data is included. This means that your employees’ usernames and passwords into the organization are, during that time, public (to those who have access).
| | | | | |
|---|---|---|---|---|
| Data Leaks | 5 000+ | – | – | 479 |
| Direct message in case of data leak | x | x | x | x |
| Protects all email addresses under the same domain | x | x | x | – |
| Actively searching for new leaks on the deepweb/darknet and hacker forums. | x | x | x | – |