Showing 6 posts.

PasswordPing Launches Exposed Password and Credentials API Service for Enterprises

Posted by Mike

Today, PasswordPing announced the launch of its patent-pending password and credential breach notification service, which proactively notifies organizations if their users are using exposed credentials.

"Billions of accounts have been exposed in breaches and often the users are completely unaware of it.  With PasswordPing, organizations can help inform their users of exposure," says Mike Wilson, founder of PasswordPing. "IT and Development cannot combat it alone. Empowered, informed users must also take measures to protect their own accounts. Armed with awareness of exposed credentials, companies can proactively help keep their users and organization safe."


LeakedSource Shut Down

Posted in Cybersecurity by Mike

Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated.  While the Department of Justice is refusing to comment or confirm, the social media accounts of the operators have been suspended and the site itself is offline.  At the current time, the reasons why they may have been targeted by law enforcement are unknown, although it's possible to hazard some guesses as to why.  Were they White Hat, Black Hat or Grey Hat?    



What the Heck is "Credential Stuffing"?

Posted in Cybersecurity by Mike

There are many headlines around data breaches and how billions of user credentials (usernames and passwords) have been exposed publicly over the last few years.  The natural question that comes up is "what do cybercriminals do with these stolen credentials?"  Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called "credential stuffing." 


Punishing users for *possibly* using another site with a breach

Posted in Breaches by Kristen

I recently received an email that notified me of a forced password reset for one of my online accounts due to the AdultFriendFinder breach.


Twitter, Tumblr, DropBox, LinkedIn, Spotify and many other companies are all forcing password resets or actively reaching out to users to change their passwords. 


Because of the reuse of passwords across multiple sites, a breach for one company creates a domino effect for other companies. 



Yahoo Confirms Largest Known Breach in History: 500M Accounts

Posted in Breaches by Mike

Back in August, a hacker named peace_of_mind claimed to be selling a database containing credentials for 200 million Yahoo accounts.  

At the time Yahoo indicated they were investigating the matter, but could not confirm.  

Today, Yahoo confirmed that 500 million accounts were compromised in what we believe is the largest known data breach in history.


Users suck at secure passwords. Help them.

Posted in Introduction by Mike

You have a standard password strength meter on your site so you may think that your users have secure passwords.

Think again.

It is estimated that 55% of users use the same password across multiple sites, if not all.  Hackers love that 55% because if there is a data breach on one site, they can use the same credentials to gain access on other sites.

The user is often unaware that they are using a known, compromised password.