97% of the Top Companies Have Leaked Credentials Online (onthewire.io)
Apparently lots of people have been using both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."
I'm so tired (Score:1)
Cheaper to ignore security than address it? (Score:2)
Penalties double if you're a federal employee.
Penalties quadruple if you are 1 link or less from a congresscritter.
Somehow I see the NSA suddenly being tasked to secure us, instead of attack us. I don't see that as a bad thing.
Re: (Score:2)
You leak my personal information, you're a CXX, you go to jail for 2 years.
CXX? Are .cpp and .cc safe?
And while leaks can sometimes be traced to bugs in source files, jailing them is not the solution. Jailing the running process may be a good idea though, but it is better to do it before it starts leaking data.
Because humans (Score:2)
It's so very hard to sell security as a feature. It costs a lot of money to do, ridiculously so since so much other software is likewise built insecurely. And it's not like anyone can tell when they're buying software whether it is secure or not, not without spending about as much money as was spent writing it in the first place (although they could check for some of the more obvious flaws).
Besides, if all else fails, a bribe to the sysadmin will overcome any security measures.
Misleading article (Score:5, Informative)
This study looked at the email addresses in the data breaches, and looked for email addresses associated with large companies. They then assumed that the passwords used would match the passwords used for corporate resources. The real nature of the study is that "People signed up for services with their work email addresses" which isn't nearly as interesting or clickbaity.
Re: (Score:3)
Yup. Somehow "the vast majority of organizations have users who violate company policy by using their work email accounts for personal matters" doesn't seem nearly as compelling.
Re: SJW fail (Score:1)
That's equality. Women can now be as dumb as men. SJW win.
Yeah but blame yourself really. (Score:2)
Re: (Score:1)
Top company for promoting sex bots.