The average user has between 20 and 25 personal online accounts and at least half that for business-related accounts. With so many accounts to keep track of, poor password habits and password re-use become a serious problem. Knowing when an employee's company credentials are leaked from third-party sites could mean the difference between a timely but inconvenient password reset for an employee and an unauthorized breach of your networks.
Countless sites are breached every day and are likely having their databases leaked to the dark web or even directly to the internet. It's trivial for even an average user with basic skills to locate and download copies of this data, which means it's more important than ever to know exactly where your employees are using their company emails and what they are doing with them. Catching an employee's credentials in the wild before they are used by malicious attackers could save your organization a lot of time and money.
* While an attacker can usually be discovered attempting to gain access to an organization's network, it's nearly impossible to differentiate an authenticated user from an unauthorized authenticated attacker after access is already granted.
* Every single day, countless databases from major and minor organizations all over the world are leaked online. Some are large enough to make it into the news; most are simply too small to be noticed.
* Attackers scour the internet and the dark web for these golden gems. You can be assured that every email that is associated with your organization is being tested against any of your login forms exposed to the internet.
* 'Credential Stuffing', the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts, is a relatively new style of attack.
* The only way to prevent an attacker from gaining unauthorized authenticated access to your networks is to know about leaked credentials before an attacker has a chance to use them.
* Many times employee credentials leaked online are not valid for logging into corporate networks.
* While this might prevent Credential Stuffing attacks, a dedicated attacker can still learn a lot from leaked credentials.
* For example, a user may have a habit of adding a single digit, or incrementing a digit, in a password they commonly use for different services.
* This is known as Predicting Password Patterns, and can be just as disastrous.
* A less well known but still relevant threat to an organization is what other services an employee is using their company email for.
* Some services such as LinkedIn are generally acceptable but these too carry their own risks.
* For example, an attacker can take over an account on a third-party site and abuse the trust the account carries, either to communicate with other employees or with customers.
* With the prevalence of password re-use, most organizations are one leaked credential away from a ransomware attack.
* One of the easiest ways to get into an organization's internal networks and create havoc is to simply use an employee's valid credentials. With most internal networks being flat or poorly segmented, it becomes a trivial process to take over sensitive internal systems, encrypt everything an attacker has access to, and demand an outrageous fee in order to recover your data.
* Ransomware gangs have the same access to leaked credentials as anyone else on the internet. It comes down to an organization reacting to potentially valid credentials before an attacker does.
* Some employees feel they can use company email addresses on any service they want.
* Questionable services such as dating or pornographic sites are not uncommon. This should never be the case for an email that does not belong to the employee.
* Company email addresses are just that, company email addresses, and should only ever be used for company-related correspondence.
* Loss of trust
* Financial losses
* Potential future target for attackers
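
The password-pattern risk described above (adding or incrementing a digit on a commonly used password) can be screened for when an employee resets a password after a leak. The following is an added example, not part of the original page: it assumes the defender holds the leaked plaintext passwords for that user, and all function names and sample values are hypothetical and constructed.

```python
import re

# Trailing digits/symbols that users typically append or bump between services.
_SUFFIX = re.compile(r"[\d!@#$%^&*._-]+$")


def base_form(password: str) -> str:
    """Lower-case the password and strip a trailing run of digits/symbols."""
    return _SUFFIX.sub("", password.lower())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, standard dynamic-programming form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_variant_of_leaked(candidate: str, leaked: str, max_edits: int = 1) -> bool:
    """True if candidate equals the leaked password or is a trivial variation."""
    if candidate == leaked:
        return True
    cand_base, leak_base = base_form(candidate), base_form(leaked)
    # Same stem, different digit/symbol suffix: Summer2023 -> Summer2024!
    if cand_base and cand_base == leak_base:
        return True
    # Otherwise flag only near-identical strings (e.g. one character swapped).
    return edit_distance(candidate.lower(), leaked.lower()) <= max_edits


def screen_new_password(candidate: str, leaked_passwords: list[str]) -> list[str]:
    """Return the leaked passwords that the proposed password is too close to."""
    return [p for p in leaked_passwords if is_variant_of_leaked(candidate, p)]


if __name__ == "__main__":
    # Constructed sample data: passwords recovered from a third-party leak.
    leaked = ["Winter6", "Tr0ub4dor&3"]
    for proposed in ("Winter7", "correct-horse-battery"):
        hits = screen_new_password(proposed, leaked)
        print(proposed, "-> rejected" if hits else "-> accepted")
```

A reset flow would call `screen_new_password` before accepting the new password and reject it when the returned list is non-empty.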