The recent RockYou2021 database with leaked credentials is the largest to date with 8.4 billion credentials. While it’s likely a collection of existing Dark Web leaked password databases, having it all in a single place and ready to use makes it quite convenient for hackers.
While it’s a good practice to use a Dark Web scanner to check if your credentials were part of the leak, multi-factor authentication (MFA) is the only real protection you may have. Maybe you were not the lucky winner today and your credentials were not exposed, but looking ahead to the future, it’s safe to say that it’s only a matter of time. People use their credentials on hundreds of websites that they registered with at least once in their lives. If any of those are hacked, there is a very good chance your password will be cracked and made available for anyone to use.
Push-based authentication using your mobile phone, for example, is the best mix of security and user experience. It not only protects your credentials but can also conveniently tell you if someone is trying to use your valid credentials: you receive an unsolicited Push message when someone tries to access a protected resource.
The real nightmare for IT teams is that people tend to use the same password everywhere, so there’s a good chance that a leaked Facebook password could work for your company’s VPN. And remember, all it takes is one stolen credential for someone to get inside your network. It worked for the recent Colonial Pipeline hack, so why not for your company?
The Zoom case in April last year is another good example of how effective those leak databases can be. A database with more than 500k valid Zoom users’ credentials was sold on the Dark Web. The attackers used existing databases of leaked credentials to perform a “credential stuffing” attack. Basically, they tested any kind of leaked credentials against the Zoom login, and a good number of those worked fine.
Learn more about how WatchGuard’s AuthPoint multi-factor authentication provides the security you need to protect identities, assets, accounts, and information.