
97% of the Top Companies Have Leaked Credentials Online (onthewire.io) 21

Apparently lots of people have been using both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."
  • Let's turn that around. You leak my personal information, you're a CXX, you go to jail for 2 years. Plus all the additional penalties being a convicted felon brings you. Funny how many CXXs think security is something to pay attention to.

    Penalties double if you're a federal employee.
    Penalties quadruple if you are 1 link or less from a congresscritter.

    Somehow I see the NSA suddenly being tasked to secure us, instead of attack us. I don't see that as a bad thing.
    • by GuB-42 ( 2483988 )

      You leak my personal information, you're a CXX, you go to jail for 2 years.

      CXX? Are .cpp and .cc safe?
      And while leaks can sometimes be traced to bugs in source files, jailing them is not the solution. Jailing the running process may be a good idea though, but it is better to do it before it starts leaking data.

  • It's so very hard to sell security as a feature. It costs a lot of money to do, ridiculously so since so much other software is likewise built insecurely. And it's not like anyone can tell when they're buying software whether it is secure or not, not without spending about as much money as was spent writing it in the first place (although they could check for some of the more obvious flaws).

    Besides, if all else fails, a bribe to the sysadmin will overcome any security measures.

  • Misleading article (Score:5, Informative)

    by Alan Shutko ( 5101 ) on Saturday September 24, 2016 @09:58PM (#52955663) Homepage

    This study looked at the email addresses in the data breaches, and looked for email addresses associated with large companies. They then assumed that the passwords used would match the passwords used for corporate resources. The real nature of the study is that "People signed up for services with their work email addresses" which isn't nearly as interesting or clickbaity.

    • Yup. Somehow "the vast majority of organizations have users who violate company policy by using their work email accounts for personal matters" doesn't seem nearly as compelling.

  • If you chose a 30 character Yahoo password with mixed case and punctuation, it still wouldn't be cracked. But you wanted something easy to type and remember and now it's out there.
