Huge Credential Leak Underscores Need to Protect Passwords, Login IDs
By now you already know that passwords are problematic. Getting your employees to create passwords that are even slightly secure is hard.
Getting them to change to new passwords is even harder. Getting them to actually remember passwords instead of writing them on sticky notes and attaching them to their monitors is nearly impossible.
This problem was made clear this past week when over 1 billion credentials were leaked from a variety of sources. Those credentials, which included user names and passwords along with other information, have been put up for sale on the Internet, and by now they're likely in the hands of cyber-criminals who will eventually use them.
In the near term, you need to alert your users to change their passwords in case some of those stolen credentials belong to them. You may also want to check whether their company email addresses are among those stolen, which you can do at sites such as Have I Been Pwned.
NEWS ANALYSIS: Nobody knows for sure where all of the billion-plus Pwned credentials came from, but at this point that hardly matters. What matters is how you protect your own credentials.
Until now, there was another place to check such things, Pwnedlist.com, but according to security researcher Brian Krebs, that site was the source of many of those stolen credentials.