Breaches happen all the time. While none of us can control how other companies protect our data, we can do plenty to protect ourselves. The first piece of advice after a breach is for affected customers to change their account passwords immediately. To cybercriminals, those stolen passwords are at least as valuable as other personal data such as Social Security numbers and credit scores. Why? Because passwords are the gateway to personal and work accounts. Once they are compromised, bad actors can take over those accounts and pose as the legitimate owner: accessing sensitive corporate and personal data, draining accounts, and even opening new accounts and loans, taking identity theft to a new level.
Since few of us can remember a complex, unique password for every work and personal account we own, it is easy to become complacent. Unless you or your employees have experienced an account takeover, you may assume your chances are slim. Not so. Stolen passwords are the number one tactic criminals use to break into accounts, nearly 20 percent ahead of malware.
So, what can you do to protect your and your employees' accounts and prevent account takeover? We'll give you 5 steps to keep accounts safe, even when the breach itself was completely out of your control.
5 Steps to Remediate a Password Exposure
The key to any password compromise is to find it early. The longer the exposed password stays in use or active (even if it is assigned to an unused account), the greater the chance it will be used against you or your company. Fortunately, enterprise software exists to continually and automatically monitor active accounts, such as those in Active Directory, and compare them against a database of known breaches. If any credentials match a breached record, it flags the affected account and immediately notifies security leaders of the exposed email address and associated domain.
Administrators can log into the system to drill into the details of the exposure, including the breach date, the type of breach, the affected service or website, and whether the credentials are already on the underground market. Once the compromise is discovered, the following 5 steps will ensure the criminals don’t continue their attack on that account.
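The comparison described above, as an added example written for this page rather than SpyCloud's or any vendor's code: a constructed in-memory breach corpus of SHA-1 password hashes is queried HIBP-style, sending only the first five hex characters of each live credential's hash and matching the returned suffixes locally, so the full hash of a live password never leaves the caller. Hashing with SHA-1, the corpus entries, the breach names and dates, and the sample accounts are all assumptions made up for the example; a real directory sweep would compare the directory's own hash format against a corpus hashed the same way.

```python
"""Breach-corpus matching for live accounts (added example, not vendor code).

Models a HIBP-style "range" lookup: only the 5-character hash prefix is
sent to the lookup, and the caller compares the returned suffixes locally.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: full SHA-1 hash -> (breach name, breach date).
# In production this would be the vendor feed or the Pwned Passwords data set.
BREACH_CORPUS = {
    sha1_hex("Summer2019!"): ("ExampleShop", "2019-08-14"),
    sha1_hex("password1"): ("ExampleForum", "2017-03-02"),
    sha1_hex("letmein"): ("ExampleForum", "2017-03-02"),
}


@dataclass(frozen=True)
class Exposure:
    account: str      # user principal name, e.g. alice@corp.example
    domain: str       # domain part, what the notification would cite
    breach: str       # source breach from the corpus
    breach_date: str


def build_range_index(corpus):
    """Bucket corpus hashes by 5-character prefix, the shape of a range lookup."""
    index = defaultdict(dict)
    for full_hash, meta in corpus.items():
        index[full_hash[:5]][full_hash[5:]] = meta
    return index


def lookup_range(index, prefix):
    """Stand-in for GET /range/{prefix}: every suffix sharing that prefix."""
    return dict(index.get(prefix, {}))


def check_accounts(accounts, index):
    """accounts: iterable of (upn, password_sha1_hex).

    Returns an Exposure for every account whose hash is in the corpus.
    Accepting hashes rather than plaintext mirrors a directory sweep: the
    stored hashes are compared against a corpus hashed the same way
    (assumption: SHA-1 here; an AD sweep would use the directory's format).
    """
    exposures = []
    for upn, full_hash in accounts:
        full_hash = full_hash.upper()
        prefix, suffix = full_hash[:5], full_hash[5:]
        meta = lookup_range(index, prefix).get(suffix)
        if meta is not None:
            breach, date = meta
            domain = upn.rpartition("@")[2] if "@" in upn else ""
            exposures.append(Exposure(upn, domain, breach, date))
    return exposures


# Constructed sample sweep: one reused breached password, one clean account.
SAMPLE_ACCOUNTS = [
    ("alice@corp.example", sha1_hex("Summer2019!")),
    ("bob@corp.example", sha1_hex("correct horse battery staple")),
]

if __name__ == "__main__":
    for e in check_accounts(SAMPLE_ACCOUNTS, build_range_index(BREACH_CORPUS)):
        print(f"EXPOSED {e.account} ({e.domain}): {e.breach} on {e.breach_date}")
```

Running the sample sweep flags alice@corp.example against the constructed "ExampleShop" record and leaves bob@corp.example clean. The prefix-only lookup is the design point worth keeping in any real integration: the breach service learns which 5-character bucket you asked about, never which full hash you hold.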
Step 1: Change the Password Immediately
Cybercriminals act fast. They know the clock is ticking from the moment credentials are stolen. They use automated tooling and bots to try the leaked password against thousands of common websites and apps. By changing the exposed password the moment a breach is discovered, you close that door on the account in question. Also terminate any active sessions and revoke tokens or app passwords tied to the account: a password change alone does not always invalidate a session an attacker has already opened.
Experts highly recommend using complex passwords that are unique for every account. Using the same password on multiple accounts or reusing an old password is extremely risky. It’s worth the effort to establish unique passwords for every account and make them as complex as possible. See Step 5 for the best way to accomplish this.
Step 2: Change All Variations of Compromised Password
When people are advised to change their passwords, most simply change a character or two: bump the year, add an exclamation mark, swap a letter for a digit. This may seem like a good idea and make the new password easier to remember, but cybercriminals are expecting it. Their cracking tools apply "mangling rules" to each leaked password, generating those common variations automatically, so a lightly modified password falls almost as quickly as the original.
To make sure the replacement cannot be guessed from the old one, change every variation of the compromised password and never use that password, or a variation of it, again. Cybercriminals know users drift back to old passwords. They will keep running that password and its variations against your accounts for years.
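Both sides of that exchange, as an added example written for this page rather than anything from the original post: mangle() reproduces a handful of the mangling rules attackers apply to a leaked password, and is_variant() is the defender-side check a password-change handler can run so that a "new" password which is merely a mutation of a compromised one is rejected. The normalisation rules, the leetspeak table, the edit-distance threshold, and the sample passwords are this example's own assumptions, not a standard.

```python
"""Detecting mutations of a compromised password (added example)."""
import re

# Common leetspeak substitutions, undone during normalisation (assumed table).
_UNLEET = str.maketrans("0134578@$!", "oieastbasi")
# Trailing runs of digits/punctuation that users append or bump (2019!, 123).
_TRAILING = re.compile(r"(?:\d+|[!?.,#*_\-]+)+$")


def core(password: str) -> str:
    """Reduce a password to the part people keep: lowercase, drop the
    numeric/punctuation suffix and numeric prefix, undo leetspeak."""
    s = _TRAILING.sub("", password.lower())
    s = re.sub(r"^\d+", "", s)
    s = s.translate(_UNLEET)
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, for catching one- or two-character tweaks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_variant(candidate: str, compromised: str, max_edits: int = 2) -> bool:
    """True if candidate is the compromised password or a likely mutation of it."""
    c, k = candidate.lower(), compromised.lower()
    if c == k:
        return True
    cc, kc = core(candidate), core(compromised)
    # Same core, or the compromised core embedded in the new one (Summer -> SummerSale).
    if len(kc) >= 4 and (cc == kc or kc in cc):
        return True
    return levenshtein(c, k) <= max_edits


def mangle(password: str) -> set:
    """A sample of attacker mangling rules applied to one leaked password."""
    out = {password, password.lower(), password.upper(),
           password.capitalize(), password.swapcase()}
    m = re.search(r"(\d+)(\D*)$", password)
    if m:  # bump the trailing number: Summer2019! -> Summer2020!
        n, tail = m.group(1), m.group(2)
        out.add(password[:m.start()] + str(int(n) + 1).zfill(len(n)) + tail)
    for suffix in ("1", "!", "123", "2024", "!!"):
        out.add(password + suffix)
    out.add(password.translate(str.maketrans("aeios", "43105")))  # leetify
    return out


def policy_check(new_password: str, compromised_passwords) -> str:
    """Verdict a password-change handler can act on."""
    for old in compromised_passwords:
        if is_variant(new_password, old):
            return "REJECT: variant of a compromised password"
    return "OK"


if __name__ == "__main__":
    leaked = "Summer2019!"  # constructed sample
    for guess in sorted(mangle(leaked)):
        print(f"{guess:16} -> {policy_check(guess, [leaked])}")
    print(policy_check("Tr0ub4dor&3", [leaked, "password1"]))
```

Every variant mangle() produces for the sample is rejected by policy_check(), while an unrelated password passes. The containment rule is deliberately strict (a compromised core appearing anywhere in the new password is a rejection) because, as the text notes, the attacker's rule set is larger than the handful shown here; the cost of a false rejection is one more trip to the password manager.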
Step 3: Notify Victims as Soon as Possible
As a security leader, it is important to let any employees with exposed credentials know they are at risk and are putting the company at risk. They need to know which account(s) are exposed, the severity of the exposure, and what type of information was exposed. Providing that level of detail requires exposure data from an account takeover prevention tool, such as SpyCloud, that records it per breach.
If you discover the credentials that have been compromised are work-related, it’s critical to ensure that password isn’t tied to internal systems and data. If it is, it must be reported so those systems can be protected. You may decide to shut the account down immediately or force the employee to change their password to a complex, unused password. Additionally, the employee should be sure they aren’t using that exposed password (and never will again) on any other accounts, including personal accounts.
Step 4: Enable Two-Factor Authentication
Whenever it is offered, use 2FA. While it is not a complete defense, it does add another layer of security. 2FA requires a second proof of identity on accounts that support it: typically a one-time code from an authenticator app or text message, or an approval prompt pushed to the user's phone.
Even if a cybercriminal obtains the credentials, they cannot get into the associated account without also supplying that second factor. Where you have a choice, prefer an authenticator app or hardware security key over a texted code, since SMS can be intercepted or redirected through SIM swapping; any of these beats security questions like your mother's maiden name, which are easy to piece together from social media.
Step 5: Implement a Password Manager
One of the best ways to protect your passwords is to use a password manager. Password managers generate long, random passwords that are infeasible for criminals to guess or brute-force, and they are unique for every account. Employees should be required to use password managers, particularly for work-related accounts. This protects the enterprise should a personal account be exposed that shared a password with a work account.
Even though password managers provide the best protection against password compromise, many people still don't use them. If you are a security leader in an organization, consider setting up a training day or mandatory web training on why password managers are so critical, which ones you recommend, and how to use them. You will not only protect the enterprise, but also educate and empower employees to protect themselves.
It doesn’t appear that data breaches are slowing down. With each one, PII and credentials are exposed that put not only personal accounts at risk, but corporate accounts as well due to password reuse. It’s a constant danger and the remediation often begins at the enterprise. Learn more about what you can do and how SpyCloud can help.