
Compromised Credentials, Customer Satisfaction and Your Bottom Line

Smriti Jaggi, Product Management

February 2020

Data breaches are becoming bigger and more frequent each year. ~4.1 B records were breached in the first half of 2019 alone!

[Infographic of breach headlines: 145 million Social Security numbers, 99 million addresses and more; 3,120 employees and contractors had their login information compromised; 2.5 million Xbox and PlayStation gamers' details hacked; 1.7 million Imgur user accounts were compromised; vBulletin forums hacked, 819,977 accounts leaked on hacking forums; 7 Million Accounts for Minecraft Community ‘Lifeboat’; 1 Billion users affected; Instagram users hacked; 13 Infected Android Apps on Google Play Phishing Instagram Accounts; 60 Million Dropbox User details stolen; Millions of Steam game keys stolen. Figures whose labels did not survive extraction: 10+ Billion; 1.5 million.]

Confidential

Data Breaches - Stats at a glance…

After any breach: Reset user password!

Hurts user engagement! ~14% of users return less frequently when forced to reset password

1. Case Study of Yahoo’s Data Breach

Yahoo breach was detected after 3 yrs

Credentials available on dark web after 3 yrs

Credentials now also available on public sites

Monetization of the credentials began way back in 2013

Hackers sell the credentials on dark web only after monetization

[Timeline, left to right: 8/2013 Yahoo breach; credential stuffing starts; some credentials for sale on dark web; 7/2016 breach discovered; most credentials for sale on dark web. A label between the two dates reads "Stolen credentials not available on dark web". Annotation: "When current methods find the stolen credentials".]

Peace_of_Mind said the data dates back to 2012 and that he had been selling them privately since late 2015.

2. Value of Stolen Credentials over time

Stolen credentials decrease in value over time

Dark web has only a fraction of spilled credentials

Hackers monetize credentials first to gain maximum value

Credentials are then sold to associates to get additional ROI

Credentials made publicly available on dark web in Phase 3

Data breaches take time to be reported publicly

Larger group of attackers leverage publicly spilled credentials

When is the right time to identify spilled credentials?

[Chart: "Credential Spill Value" over time. Left to right: Day 0, data breach; Tier 1 attacks (attacker); Tier 2 attacks (attacker’s associates); Tier 3 attacks (dark web); Day 456, avg time before breach is reported; Tier 4 attacks (public). Chart annotations: "Too late!" and "Here is when you need to identify spilled credentials".]

Check Quality of Customer Credentials

NIST recommends checking customer credentials

Against what? Most dark web content already stale and recycled

...it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, ...

TOO OLD

Dark web credentials may offer <10% coverage at best

Billions of credentials are stolen

Some spills are detected (later)

Only a fraction are available in dark web

3. Solution: Blackfish

Blackfish Network: most complete list of spilled credentials

BlackFish not only includes publicly available credentials… but also includes actively exploited credentials

Shape has the most complete list of spilled credentials

[Chart: Blackfish Network shown against "Credential Spill Value" over time, with 9+ Billion Publicly Available Credentials and 500 Million Actively Exploited Credentials. Left to right: Day 0, data breach; Tier 1 attacks (attacker); Tier 2 attacks (attacker’s associates); Tier 3 attacks (dark web); Day 456, avg time before breach is reported; Tier 4 attacks (public).]

10M+ Users have their credentials leaked in data breaches

Roughly 7/10 queries to Blackfish for personal addresses result in a hit…

Exploited Credentials NOT publicly available on Dark Web: 96%

[Chart by day of week, Friday through Thursday]

The BlackFish Network

As soon as stolen credentials are tried anywhere they are rendered useless everywhere.

THANK YOU

shapesecurity.com