Two huge data dumps of leaked credentials in recent weeks have drawn attention in breach news this week raising questions about the risk posed by these treasure troves of information for cybercriminals. These batches of information from past breaches demonstrate the danger of a third party data breach and how that can create a cascade effect that damages other companies.
In early July, Dark Web researchers found over 15 billion credentials from more than 100,000 data breaches on the Dark Web, including everything that a bad actor might need for unrestricted access to everything from streaming services to banking accounts and financial services.
Later in the month, cybersecurity analysts found another giant cache of sensitive information on the Dark Web, this time including personally identifiable information including names, addresses, dates of birth, Social Security numbers, and other sensitive personal information for an estimated 40,000 Americans.
This is far from a rare occurrence. As time goes on, more data dumps of this type will happen regularly as data accumulates from a constant spate of breaches, putting even more peoples’ personally identifying information on the Dark Web – and putting the companies that they work for in danger.
Two major concerns about how cybercriminals may use this information to damage other companies are credential stuffing attacks and spear phishing. With a bit of research and a big enough list of email addresses and potentially associated passwords, cybercriminals can mount dangerously accurate credential stuffing operations that can quickly bypass many data protections. They can also use personal details collected from other breaches to craft extremely convincing phishing emails touse against targeted companies that lure in unwary staffers to unwittingly deploy ransomware or give up access credentials, passwords, and data.
What’s the first thing to do to throw up a roadblock against attacks that make use of these huge data dumps? Deploy a secure identity and access management solution like Passly. It seems like an easy fix because it is. Passly is simple yet effective protection that goes to work immediately to mitigate the consequences of things like staff credential compromise from a third party data breach – because they’re almost inevitably recycling passwords.
In one affordable tool, Passly adds peace of mind for businesses that their entry points are protected as it uses the combined security power of MFA, single sign on, and easy remote management to add crucial layers of protection between cybercriminals and company systems and data fast, while making sure that the right people have access to the right things at the right level – and only the right people.