How To Triage Leaked Credentials

What To Do When You Discover Leaked Credentials

Leaked and stolen credentials pose a critical risk to organizations everywhere. In fact, 61% of breaches involve compromised credentials. Every year, billions of credentials appear on the dark web, paste sites, and in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and more.

But what do you do if you’ve discovered leaked employee or customer credentials? This step-by-step guide will show you exactly what to do.


Step 1

You identify leaked credentials that include a password. Proceed to the next step.

Step 2

Does the password adhere to your company password policy, or can you not confirm because it’s a hashed password?

Step 3

Check internal resources to see if the email address is still active.

Step 4

Have the same email address and password been identified in the past (e.g., in an older breach)?
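The four checks above can be scripted. The following is an added example, not part of the original guide or any vendor tooling. The policy rule (12+ characters, four character classes), the hash shapes, the record field names, the `active_emails` directory set, and the keyed-fingerprint history are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

POLICY_MIN_LENGTH = 12  # assumed policy: 12+ chars, four character classes
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
# Common hash shapes; a plaintext password that happens to be 32/40/64 hex
# characters would be misread as a hash, which errs toward "cannot confirm".
HASH_SHAPES = [
    re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"),  # bcrypt
    re.compile(r"^\$argon2(?:id|i|d)\$"),                  # Argon2 encoded form
    re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$"),
]

def looks_hashed(secret):
    return any(shape.match(secret) for shape in HASH_SHAPES)

def meets_policy(password):
    return (len(password) >= POLICY_MIN_LENGTH
            and all(re.search(c, password) for c in CHAR_CLASSES))

def fingerprint(key, email, secret):
    """Keyed digest, so the history of past findings never stores the credential."""
    message = email.encode() + b"\x00" + secret.encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def triage(record, active_emails, seen, key):
    email = record["email"].strip().lower()
    secret = record.get("password") or ""
    answers = {"email": email, "has_password": bool(secret)}
    if not secret:  # Step 1 not met; stopping here is this example's choice
        return answers
    if looks_hashed(secret):  # Step 2
        answers["policy"] = "unconfirmed (hashed)"
    else:
        answers["policy"] = "compliant" if meets_policy(secret) else "non-compliant"
    answers["active"] = email in active_emails  # Step 3
    digest = fingerprint(key, email, secret)  # Step 4
    answers["seen_before"] = digest in seen
    seen.add(digest)
    return answers

if __name__ == "__main__":
    history, key = set(), b"constructed-demo-key"  # constructed sample data below
    leak = [{"email": "Alice@Example.com", "password": "Tr1cky-Horse-Battery"},
            {"email": "bob@example.com", "password": "0123456789abcdef" * 2},
            {"email": "carol@example.com"}]
    for row in leak + leak[:1]:
        print(triage(row, {"alice@example.com"}, history, key))
```

Persisting the `seen` set between runs is what makes the Step 4 comparison meaningful, and keeping the HMAC key outside that store keeps the history from becoming a second copy of the leak.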

Resetting passwords for leaked credentials isn’t too difficult, but maintaining the widespread visibility necessary to discover when leaked credentials appear is far more challenging. Brand Intelligence from Recorded Future automatically identifies and alerts you to leaked credentials from over 1 million unique sources including paste sites, GitHub, and the dark web. Request a demo to see how you can reduce account takeover risk for your organization.