Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Breaches Compromise Credentials From Almost All Large Companies: Study

    By
    Robert Lemos
    -
    September 22, 2016
    Share
    Facebook
    Twitter
    Linkedin
      data breach

      Nearly every large company has had at least one employee whose email address and password have been leaked in a recent breach, putting those companies at risk of attack, especially if their workers reuse their passwords, according to research by security firm Digital Shadows.

      The firm analyzed its database of compromised credentials available online, searching more than 19,000 domains associated with the top 1,000 international companies. Digital Shadows’ database of compromised credentials comes from more than 30,000 claimed breaches over the past two years. The company found that digital criminals had claimed to have compromised more than 5.5 million credentials from 97 percent of the top 1,000 global companies.

      While the credentials are for online services that may not directly impact the victim’s employer, many users reuse their username and password. In addition, an attacker with a valid email address can more effectively mount a phishing campaign against a specific company, Rick Holland, vice president of digital strategies for Digital Shadows, told eWEEK.

      “We have seen in our customer base where this has been an issue, where replaying those credentials has been a challenge for them,” he said. “One of their big questions they want to know is, ‘What do we need to do to not be impacted by someone else’s breach?'”

      Data breaches have become a widely reported problem for companies. Major compromises, such as the 2013 credit-card breach of retail giant Target, are uncommon, but the theft of credentials can often cause more damage to victims than the loss of a credit-card number.

      In a 2012 breach, which only came to light this year, attackers gained access to Dropbox credentials through the likely reuse of an employee’s password. Online storage provider Carbonite initiated a password reset in June 2016, after it discovered that credentials used by its employees for a compromised online service were being used to attempt to gain access to its systems.

      So far in 2016, there have been 687 documented breaches, compromising at least 28.7 million records, and the final tally for the year will likely surpass the 781 documented breaches in all of 2015, according to data from the Identity Theft Resource Center.

      Accounts that only require a username and password are the fundamental problem. While many companies have talked about replacing passwords—and there are significant security reasons to at least augment the simple security measure—passwords continue to remain the most commonly used security measure.

      In a survey of U.S. businesses, Software Advice found that about seven out of every 10 companies only use passwords, although some require randomized passwords. Of the rest, 17 percent of companies use multifactor authentication and 14 percent use a password manager.

      “Passwords are not going away for a very long time,” Holland said. “The adversaries are building up their own databases” to collect credentials exposed in past breaches.

      The relative weakness of passwords is exacerbated by the large portion of users who reuse passwords. Recent estimates of reuse vary from 59 percent to 73 percent. While workers may heed advice not to reuse their corporate credentials, history has shown that reuse continues to pose a danger.

      Multifactor authentication will help mitigate the threat, and companies should move to adopt it as soon as possible, Holland said.

      “If you have multifactor authentication widely available on your external-facing services, these attacks might not be a big issue,” he said. “Yet, multifactor is not as widely deployed as it should be.”

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×