API name: leaked_credentials
Severity: Info (in Scoring 2.0); Medium (in Scoring 3.0)
Factor: Endpoint Security
This issue type is different from "Credentials at Risk for Up to 120 Days" and "Credentials at Risk for Up to Two Years".
Why is this important?
Email/password combinations belonging to your organization have been identified circulating in the hacker underground. Password reuse makes this an additional security risk: a leaked combination could lead to the compromise of a corporate system, but also of any third-party system used for business functions, such as an outsourced HR system, a CRM, or any other SaaS provider the business relies on. The credentials listed were recovered from bulk data breach leaks and extracted from public and private Hacker Chatter sources.
For the issue type "leaked passwords", all of the listed emails were part of the Dropbox and LinkedIn data breaches of 2012. Most of the emails and credentials from those breaches began circulating around mid-2016. Although many companies have password reset policies that ensure credentials are changed on a regular cycle, we still list these emails on the scorecard because they have appeared in data dumps or on third-party sites.
How we discovered this issue
We collect data dumps containing the email addresses of users caught in data breaches. These dumps are discovered from numerous sources, including Pastebin and hacker forums.
How you can remediate this issue
Reset the passwords of the affected accounts and notify the users of the change. Disable or remove email handles that are no longer in use. Advise employees against registering corporate email addresses on third-party sites and provide security awareness training. Because reused passwords are the main risk, limit the impact of a leaked credential with multi-factor authentication and a password policy or password manager.
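The discovery and remediation steps above come down to one triage routine: take the dump, keep only addresses in your own domains, check whether each user still exists and is active, and, for active users, whether the leaked password still authenticates. The following Python script is an added example, not SecurityScorecard's code and not the platform's own detection logic. It assumes the dump uses the common `email:password` line format and that the account directory stores a salted PBKDF2 hash per account; every email, password and hash in it is constructed sample data, and `PLATFORM_RESOLUTION` is an illustrative mapping onto the resolution options listed further down the page.

```python
"""Triage a leaked-credential dump against an internal account directory.

Added example, not SecurityScorecard's code. Assumptions (not from the
article): the dump is `email:password` text, one pair per line, and the
directory stores each account's status plus a salted PBKDF2 password hash.
Every email, password and hash below is constructed sample data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Domains the organization owns; findings for any other domain are not ours.
COMPANY_DOMAINS = {"example.com"}

# Illustrative mapping from triage status to the platform's resolution options.
PLATFORM_RESOLUTION = {
    "reset_immediately": "I have fixed this: credentials reset, user notified",
    "notify_already_rotated": "I have fixed this: credentials already changed, user notified",
    "user_inactive": "Compensating control: affected user no longer works here",
    "unknown_user": "Cannot reproduce: user has never been part of the company",
    "not_our_domain": "This is not my IP or domain",
}


def pbkdf2(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the hash format this toy directory uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_account(password: str, active: bool) -> dict:
    salt = os.urandom(16)
    return {"active": active, "salt": salt, "hash": pbkdf2(password, salt)}


# Constructed directory: alice never changed the password that leaked,
# bob rotated his, carol has left the company.
DIRECTORY = {
    "alice@example.com": make_account("Winter2012!", active=True),
    "bob@example.com": make_account("rotated-since-the-breach", active=True),
    "carol@example.com": make_account("irrelevant", active=False),
}

# Constructed dump in the bulk-leak `email:password` format, with the
# mixed case and junk lines such files usually contain.
DUMP = """\
alice@example.com:Winter2012!
Bob@Example.com:Summer2012
carol@example.com:oldpass
mallory@other-corp.net:hunter2
this line is not a credential
"""


@dataclass
class Finding:
    email: str
    status: str


def parse_dump(text: str):
    """Yield (email, password) pairs; skip lines that are not email:password."""
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        email = email.strip().lower()
        if "@" not in email:
            continue
        yield email, password


def triage(dump_text: str, directory: dict, domains: set) -> list:
    """Classify each leaked pair. The leaked password is only ever compared
    in memory against the stored hash; it is never logged or persisted."""
    findings = []
    for email, leaked_password in parse_dump(dump_text):
        domain = email.rsplit("@", 1)[1]
        if domain not in domains:
            findings.append(Finding(email, "not_our_domain"))
            continue
        account = directory.get(email)
        if account is None:
            findings.append(Finding(email, "unknown_user"))
            continue
        if not account["active"]:
            findings.append(Finding(email, "user_inactive"))
            continue
        still_valid = hmac.compare_digest(
            pbkdf2(leaked_password, account["salt"]), account["hash"]
        )
        # A leaked password that still authenticates is the urgent case.
        status = "reset_immediately" if still_valid else "notify_already_rotated"
        findings.append(Finding(email, status))
    return findings


def triage_report(dump_text: str, directory: dict, domains: set) -> dict:
    """Map email -> status for the whole dump (convenient for reports)."""
    return {f.email: f.status for f in triage(dump_text, directory, domains)}


if __name__ == "__main__":
    for email, status in triage_report(DUMP, DIRECTORY, COMPANY_DOMAINS).items():
        print(f"{email:28} {status:24} -> {PLATFORM_RESOLUTION[status]}")
```

The hash comparison is what turns a list of emails into a prioritised reset queue: an address whose leaked password still authenticates needs an immediate reset, while one that has already been rotated still warrants a notification because the same password may be in use on third-party sites. Addresses outside your domains or unknown to the directory are the cases the platform lets you close as "not my domain" or "cannot reproduce".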
How you can resolve this issue in the platform
- I have fixed this
  - The email(s) were removed from the network and the users were provided with a new email handle.
  - Employees had their credentials reset and were notified of the change.
  - Employees were advised about the use of corporate emails on third-party sites, security awareness training was administered, and credentials have been changed.
  - The email(s) are no longer in use at the company.
  - The email handle has been disabled until further notice.
- I have a compensating control
  - The affected users no longer work at the company.
  - The organization provides training for employees on security protocols relevant to their position.
  - The organization has standard security frameworks and protocols. Some examples include, but are not limited to:
    - Making sure staff get regular training in data security
    - Only letting people have access to personal information if they need it for their job
    - Having a response plan in the event of a threat to data security
    - Multi-step login processes in place (multi-factor authentication)
  - Users have password policies or tools in place (e.g. 1Password). Please indicate how this is enforced. Some examples include, but are not limited to:
    - The organization performs unannounced, periodic tests of the security framework
    - The organization helps prevent social engineering and other fraudulent tricks or traps by instilling in employees a resistance to persuasion attempts through exposure to similar or related attempts
- This is not my IP or domain
  - The email handle does not belong to our company.
- I cannot reproduce this issue and I think it's incorrect
  - This user has never been part of the company.
Learn more
https://haveibeenpwned.com/