2020 Report: Breach Exposure of the Fortune 1000

REPORT

2020 Report: Breach Exposure of the Fortune 1000

Employees frequently reuse corporate credentials as personal logins, regardless of security guidelines that prohibit such behavior. When those third-party sites are subject to data breaches, reused employee logins provide easy entry points to corporate systems and networks. In addition to corporate credentials, data breaches expose a wealth of personal information that can enable cybercriminals to bypass security measures, take over accounts, and compromise enterprise networks.

To provide a snapshot of the breach exposure affecting major enterprises, we examined SpyCloud’s entire database to see what breach data we could tie to companies in the Fortune 1000. Across our data set, we were able to identify over 412 million breach assets tied to employees within the Fortune 1000.

Download the report to see:

  • How many Fortune 1000 employees and C-level executives have passwords available to cybercriminals
  • Top passwords of Fortune 1000 employees
  • Infographics showing credential exposure, password reuse rates, and more for all 21 Fortune 1000 sectors
  • Which sector is the worst offender (by far)

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report

2020 Report: Breach Exposure of the Fortune 1000

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Targeted vs. Automated Account Takeover Attacks

WHITEPAPER

Targeted vs. Automated
Account Takeover Attacks

Account takeover (ATO) occurs when criminals use stolen logins to access user accounts without permission–typically credentials that have been exposed in a third-party breach. Using victims’ accounts, criminals can make fraudulent purchases, drain accounts, steal sensitive data, or move laterally within a target organization.

The vast majority of account takeover attempts are automated credential-stuffing attacks. However, SpyCloud customers report that 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.

Read this whitepaper to learn:

  • The differences between targeted and automated account takeover attacks and why targeted attacks can cause so much damage
  • The five phases of an account takeover attack and the tactics, techniques, and procedures cybercriminals throughout the attack timeline
  • How early detection can help you prevent both targeted and automated account takeover

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Whitepaper

Targeted vs. Automated Account Takeover Attacks

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

2020 Annual Credential Exposure Report

REPORT

2020 Annual Credential Exposure Report

Every year, the SpyCloud Credential Exposure Report examines the data cybercriminals have been sharing over the last year and what it means for enterprises and consumers. Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO). 

SpyCloud researchers infiltrate criminal networks to identify and recover stolen data months or years before it reaches a broader criminal audience or goes public. As a result, the 9 billion breach records analyzed for this report provide insight into breaches that have been freshly released to criminal marketplaces over the last year.

Download the report to see:

  • Trends our researchers have observed within cybercriminal communities over the last 12 months
  • Password reuse patterns, including the most common transformations people use to “refresh” a reused password
  • Most popular 100 passwords collected over the last 12 months
  • Common password hashing algorithms used by breached organizations

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report

2020 Annual Credential Exposure Report

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Best Practices for Implementing NIST Password Guidelines

WHITEPAPER

Best Practices for Implementing NIST Password Guidelines

Weak Passwords?
NIST Can Help!

Controlling users’ bad password habits poses a major challenge. Aligning your enterprise’s password policy with the latest guidelines from NIST can help encourage better password habits and reduce the risk of account takeover.

Luckily, you can enforce many of these guidelines through the built-in settings provided by most directory services, including Microsoft Active Directory.

Download this best practices guide to get:

  • A plain-english overview of required, recommended and desirable NIST password guidelines
  • Detailed instructions to help you use directory services like Active
  • Directory to enforce password guidelines
    Advice for how to keep your password policy human-friendly and help your users help themselves
  • Questions to ask potential solution providers

Even if you don’t use Microsoft Active Directory, this is still a helpful guide to NIST’s latest password recommendations.

Solution: Active Directory Guardian

Automatically detect and reset exposed Windows accounts.

Learn More

Download the Whitepaper:

Best Practices for Implementing NIST Password Guidelines

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

GDPR & ATO Prevention Solutions

WHITEPAPER

GDPR & ATO Prevention Solutions

Everything You Ever Wanted to Know About GDPR in (Relatively) Plain English

With information for companies evaluating SpyCloud

In 2018, the General Data Protection Regulation went into effect with the goal to ensure the protection of data for all EU citizens. The law pertains to businesses throughout the world that process data belonging to EU citizens.

We worked with our legal team to develop this whitepaper, which breaks down the GDPR into plain English, and provides insights on what it means for you — in particular as you evaluate account takeover prevention solutions that rely on personal data.

Download this whitepaper for:

  • A brief history of EU data protection law
  • A summary of the major changes introduced by the GDPR
  • What the changes mean for your company if you process EU citizens’ data
  • How you can use SpyCloud and stay within the law

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Whitepaper:

GDPR & ATO Prevention Solutions

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Understanding the Latest NIST Password Guidelines

WHITEPAPER

Understanding the Latest NIST Password Guidelines

Security Meets Usability

Over the years, security professionals have learned surprising lessons about how password policies affect user behavior. Faced with complicated password requirements and hundreds of online accounts to keep track of, people often take dangerous shortcuts—and criminals benefit.

To help organizations mitigate the risk posed by users’ bad password habits, the National Institute of Standards and Technology (NIST) designed a set of password guidelines that balance security and usability. The updated guidance abandons the long-held philosophy that passwords must be long and complex. In contrast, the new guidelines recommend that passwords should be “easy to remember” but “hard to guess.” According to NIST, usability and security go hand-in-hand.

Read this white paper to understand what NIST’s guidance means for your organization, including:

  • Why NIST has abandoned popular password complexity requirements
  • What’s special about new authenticator guidelines
  • How NIST approaches biometrics (hint: they’re not enough on their own)
  • What organizations can do to mitigate the risk caused by users’ bad habits

Solution: NIST Password Screening

Align with the latest password security guidelines from the National Institute of Standards and Technology (NIST).

Learn More

Download the Whitepaper:

Understanding the Latest NIST Password Guidelines

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Considerations for Choosing an Account Takeover Security Solution

WHITEPAPER

Considerations for Choosing an Account Takeover Security Solution

Learn How to Evaluate Account Takeover Security Vendors

Account takeover (ATO) is a rising security problem. One that many organizations struggle to prevent. With millions of usernames and passwords being stolen every year, the enterprise is at high risk for attacks that can lead to financial and reputational damage. There are several ATO vendors offering differing solutions. How do you know which vendor to choose? This CSO whitepaper provides a guide to the best practices for evaluating how well each approach works, including a checklist of topics to discuss with each vendor being evaluated.

Download the whitepaper today to learn:

  • 11 key questions to ask ATO security solution vendors during product evaluation
  • Which solution features are most important
  • The key metrics every vendor should be able to provide

Solution: Account Takeover Prevention

Reset Stolen Passwords Before Criminals Can Use Them To Defraud Your Users Or Access Sensitive Corporate Data.

Learn More

Download the Whitepaper:

Considerations for Choosing an Account Takeover Security Solution

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

The 6 Myths About Account Takeover

EBOOK

6 Myths About Account Takeover

Think your Account Takeover Strategies are Working?

Account takeover (ATO) is happening at a record pace and stolen credentials are once again the #1 most common breach action. If the popular ATO prevention strategies were working, why is the number of account takeovers only increasing? There are several factors at play and unfortunately, most security solutions don’t go far enough to stop ATO. They only monitor, but they don’t protect. Companies don’t need more monitoring. They need prevention strategies that work.

Download our ebook to learn which of the most common techniques and technologies help and which provide false hope:

  • Multi-Factor Authentication
  • Password Managers
  • 90-Day Password Rotations
  • Behavior and Heuristic-Based Solutions
  • Deep & Dark Web Scanners, Crawlers and Scrapers
  • Corporate Policy

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Ebook:

6 Myths About Account Takeover

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Download Our Report on Account Takeover

REPORT

Download Our ATO Report

The Rising Threat of Account Takeover

Because of widespread password reuse, Account Takeover (ATO) attacks have become an extremely lucrative business for cybercriminals. Organized crime rings are performing ATO attacks at a massive scale by leveraging botnet-infected armies to attempt credential-stuffing attacks against various web and mobile applications. Cyber criminals exploit compromised accounts for financial gain by pilfering financial or personally identifiable information (PII) directly or by selling access to these accounts on underground markets.

Download our report to understand:

  • The underground economy driving these attacks
  • The tools criminals are using to automate ATO
  • Remediation strategies to prevent ATO in your organization

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report:

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.