Skip to main content

RESOURCES

Enzoic Blog

Research, views, and insights on cybersecurity, account takeover, fraud, and more

Viewing All Blogs

, ,

Surprising Password Guidelines from NIST

The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.

Read More

Hackers Use Compromised Credentials To Defraud 3rd Party Sellers on Amazon

Hackers are actively targeting those 3rd party sellers using stolen and compromised credentials (a password and user name combo) to gain access to the seller’s accounts, costing them tens of thousands of dollars.

Read More

LeakedSource Shut Down by DOJ

Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated. The reasons why they may have been targeted by law enforcement are unknown, although it's possible to hazard some guesses as to why. Were they White Hat, Black Hat or Grey Hat?

Read More

,

Enzoic Launches Exposed Password and Credentials API Service for Enterprises

PasswordPing announces the launch of its patent-pending password and credential breach notification service, which proactively notifies organizations if their users are using exposed credentials. Billions of accounts have been exposed in breaches and often the users are completely unaware of it.

Read More

,

Punishing users for *possibly* using another site with a breach

I recently received an email that notified me of a forced password reset for one of my online accounts due to the AdultFriendFinder breach. I DON'T have an AdultFriendFinder account and have never used that site, but because of the reuse of passwords across multiple sites, a breach for one company creates a domino effect for other companies.

Read More

,

Users Suck at Passwords. Help Them.

How many of your users are using insecure and compromised passwords? You may have a standard password strength meter on your site so you may think that your users have secure passwords. Think again. Password strength meters and password complexity requirements are simply not enough.

Read More

, , ,

What the Heck is “Credential Stuffing”?

Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?”

Read More

,

Yahoo Confirms Largest Known Breach in History: 500MM Accounts

Back in August, a hacker named peace_of_mind claimed to be selling a database containing credentials for 200 million Yahoo accounts.

Read More