Employees often use their corporate email address to sign up for third-party websites. They’re not intending to cause harm; they’re simply trying to minimize the number of login credentials they have to remember. When those websites are breached, the employee’s information is exposed to cybercriminals, and if they have reused their corporate passwords, your organization is at risk. Criminals can easily exploit the exposed credential pairs to gain access to corporate systems – jeopardizing customer information, funds, IP, and sensitive employee personally identifiable information (PII).
The SpyCloud data you see in Privva represents:
Corporate Records Exposed
A corporate breach record is the set of data tied to a single corporate email address within a data breach. One employee whose information appears in three different breaches would result in three distinct breach records. Each exposed record may contain information that a criminal can use to take over the employee’s accounts or commit fraud, such as passwords and PII.
Potential Executives Exposed
Corporate credentials that have appeared in a data breach and are tied to employees with high-ranking titles, putting them at increased risk of targeted account takeover attempts, business email compromise (BEC) fraud, and extortion.
Date of Last Exposure
Represents the date of the most recent data breach containing employee email addresses from your corporate domain.
Protecting your users from corporate account takeover requires that they reset their compromised password to a strong, unique password not used for any other account. Get the details on your users’ exposed passwords and PII by contacting SpyCloud.
The SpyCloud Difference
Current, Relevant, Truly Actionable Data
SpyCloud uses Human Intelligence (HUMINT) to quickly recover current breach data within hours or days of the breach occurring. Our unique data cleansing and password cracking process reveals exposed credentials faster and with greater match rates. Not only is our breach database the cleanest, we provide the most data of any provider, with context and perspective to make it immediately actionable.
With hundreds of online accounts to keep track of, it’s inevitable that people will reuse their favorite passwords between corporate and personal accounts. When a data breach exposes those passwords to criminals, every account that shares the same login becomes vulnerable to account takeover as criminals systematically test stolen credentials across many sites.
Without visibility into which passwords criminals have access to, it’s challenging for security teams to prevent account takeover for their users. SpyCloud helps busy security teams stay a step ahead of cybercriminals by checking user logins against the largest database of recovered breach assets in the world.
Recommendations to Prevent Account Takeover
Everyone has a part to play:
The security org should:
Grant access to a password manager as an employee benefit for work & personal use