The Outsized Risk From Small Data Breaches

Most attention is given to data breaches counted in the tens or hundreds of millions, but there is also a continuous stream of small data breaches that make no headlines but present outsized risks to individuals and organizations. In a recent analysis by Enzoic of breach data collected from the Internet and Dark Web, a full 90% of credential exposures …

password reuse is bad

The Magician’s Handkerchief of Password Reuse

Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to “suspicious activity” and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead likely due to my account credentials having been exposed either …

LeakedSource Shut Down

LeakedSource Shut Down by DOJ

Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated. The reasons why they may have been targeted by law enforcement are unknown, although it’s possible to hazard some guesses as to why. Were they White Hat, Black Hat or Grey Hat?

facebook login

What the Heck is “Credential Stuffing”?

Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?” Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called “credential stuffing.”