Slashdot Mirror


97% of the Top Companies Have Leaked Credentials Online (onthewire.io)

Apparently lots of people have been using both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."

21 comments

  1. I'm so tired by BringsApples · · Score: 0

    of this conversation.

    --
    Politics; n. : A religion whereby man is god.
  2. Cheaper to ignore security than address it? by Snotnose · · Score: 1

    Let's turn that around. You leak my personal information, you're a CXX, you go to jail for 2 years. Plus all the additional penalties being a convicted felon bring you. Funny how many CXX's think security is something to pay attention to.

    Penalties double if you're a federal employee.
    Penalties quadruple if you are 1 link or less from a congresscritter.

    Somehow I see the NSA suddenly being tasked to secure us, instead of attack us. I don't see that as a bad thing.

    1. Re:Cheaper to ignore security than address it? by GuB-42 · · Score: 1

      You leak my personal information, you're a CXX, you go to jail for 2 years.

      CXX? Are .cpp and .cc safe?
      And while leaks can sometimes be traced to bugs in source files, jailing them is not the solution. Jailing the running process may be a good idea though, but it is better to do it before it starts leaking data.

    2. Re:Cheaper to ignore security than address it? by Anonymous Coward · · Score: 0

      No, those will get their hpp's cut off.

  3. Because humans by penguinoid · · Score: 1

    It's so very hard to sell security as a feature. It costs a lot of money to do, ridiculously so since so much other software is likewise built insecurely. And it's not like anyone can tell when they're buying software whether it is secure or not, not without spending about as much money as was spent writing it in the first place (although they could check for some of the more obvious flaws).

    Besides, if all else fails, a bribe to the sysadmin will overcome any security measures.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  4. Misleading article by Alan+Shutko · · Score: 5, Informative

    This study looked at the email addresses in the data breaches, and looked for email addresses associated with large companies. They then assumed that the passwords used would match the passwords used for corporate resources. The real nature of the study is that "People signed up for services with their work email addresses" which isn't nearly as interesting or clickbaity.

    1. Re:Misleading article by 93+Escort+Wagon · · Score: 2

      Yup. Somehow "the vast majority of organizations have users who violate company policy by using their work email accounts for personal matters" doesn't seem nearly as compelling.

      --
      #DeleteChrome
  5. Yeah but blame yourself really. by h33t+l4x0r · · Score: 1

    If you chose a 30 character yahoo password with mixed case and punctuation, it still wouldn't be cracked. But you wanted something easy to type and remember and now it's out there.

  6. I get this spam all the time by Anonymous Coward · · Score: 0

    I get this spam from 'dark web vendors' all the time:

    "We know about 9000 of your id's and passwords that are compromised online"

    Then when I get to look at them they are:

    1) Email addresses
    and
    2) Old

    As far as number 1 goes, we don't use email address to log in ANYWHERE. So it's not our id's
    As far as #2 goes, the corporate systems AND every vendor we can make do it rotate every 90 days.

    Go away vendors, you don't know what you are talking about.

  8. Re: SJW fail by bestweasel · · Score: 1

    That's equality. Women can now be as dumb as men. SJW win.

  9. In other news, 97% of people are dumb. by Anonymous Coward · · Score: 0

    Reusing passwords = you are fired. I bet that makes a dent.

    1. Re:In other news, 97% of people are dumb. by Anonymous Coward · · Score: 0

      What? And run out of CEOs?

  10. 99% bureaucrats let capitolists get away with it by Anonymous Coward · · Score: 0

    Follow the money and hold them accountable beginning with the Clinton Foundation.

  11. Ashley Madison..."top company"? by Anonymous Coward · · Score: 0

    Top company for promoting infidelity, perhaps.

    1. Re:Ashley Madison..."top company"? by Anonymous Coward · · Score: 1

      Top company for promoting sex bots.

  12. Easy to sell - HARD to actually do it. by Anonymous Coward · · Score: 0

    Easy to sell - HARD to actually do it.

    We see claims of secure systems all the time. The IoT crap will be a nightmare - it already is for Brian Krebs.

    My sites wouldn't survive.

  13. Blame the government. by Anonymous Coward · · Score: 0

    This is the government's fault. If they just left computer security up to private industry instead of nationalizing and unionizing it, we'd all be living in a security paradise. Instead we get Soviet level security because of government interference in the free market. Low energy! SAD!