Overview

Compromised Account (Dark-Web lookup)

The compromised account alert is triggered when a user’s account is marked as part of a compromise on a dark-web lookup database.

Compromised Account Alert

  • Earlier notification
  • Dark-Web lookup
  • Monitor for stolen passwords
  • Protect user credentials
  • Manage risk
Evaluation and Reporting

Situations

Situations faced by the client

How is this check useful in the real world? As an example, take a user (let’s call him Sam).

Problems Faced

Sam is the user of a very popular corporate/business social media website. Unfortunately, this business social media site has been compromised. The details of Sam’s username and password are no longer private; in fact, they are being traded on the dark-web! To make matters worse, Sam used the same password for his work email account as he did for the social media site. This means that the attackers now have a username and password that will unlock Sam’s work email account. Being alerted to the compromised account is an excellent chance to notify end-users of the potential data-breach, and a reminder for them not to use the same password across services.

Solution

If Sam did use the same password between services, then it would be advisable for him to undertake an immediate password reset at work and have system administrators review login history for any suspicious activity.

It is critical that external compromised accounts listed in the dark-web be identified as soon as possible.  The longer the compromised account is left without any required steps being undertaken, the longer your organisation may be exposed to any potential impact. There is a serious risk of further data exposure if not addressed in a timely manner.  Proactive steps can help reduce this risk.

Prevention

What are the main questions you should consider when working out how to manage this risk?

 

  • Do you have any system or solution in place to detect when your users’ email accounts are involved in data-breaches/compromises?
  • If one of your users had an external account listed on the dark-web, would you find out?
  • How long do you think it would take to find out that one of your user accounts had a password compromise, or other major breach?
  • Have you ever checked your users’ accounts for listings on the dark-web?
  • What would the impact be on your organisation if a user’s password was made publicly available for an extended time without detection?