Info Security: Google Research Finds Stolen Credentials For Sale

November 10, 2017 — Google Research Finds Stolen Credentials For Sale

Lisa Baergen, director at NuData, comments on a study of dark web markets by Google that has found millions of usernames and passwords that were stolen directly through attacks.

Lisa Baergen, director at NuData Security, said: “This news affects every company, in every sector. Many people (including employees) continue to reuse usernames and passwords across many sites. Is it time for employer policies that prohibit the employee’s use of off-duty passwords for corporate email accounts, and likewise, the use of workplace emails as secondary verification for personal accounts? A leap from a user’s personal Gmail account into their workplace account sets up a scenario for new levels of successful Whale Phishing.

“The news of ongoing, massive-scale theft of Gmail credentials should be a wake-up call that it’s time to fundamentally re-think authentication, and incorporate continuous validation techniques data that can’t be mimicked, such as passive biometrics. Email contains so much strategic information – it’s time to equip that ubiquitous yet critical application with the security it deserves.”

For the complete article, go here.