How a Hunt for Sports News Led to Compromised Credentials on the Dark Web

June 24, 2019

Our work email addresses have become virtual calling cards, identifying us as official representatives for our businesses. They lend us credibility when communicating with clients, customers and vendors. Many IT departments use a combination of an employee’s email and password to allow access to protected company networks.

In the wrong hands, the login credentials you use to access your work computer or company network become a hacker’s weapon against your company’s security. Logins are a viable commodity on the Dark Web. A buyer can pay less than a dollar for a work email and password, which can mean having your data compromised for months without you being aware of the breach.

A Lax Company Culture Toward Enforcing Password Protocols

On-Site Computers recently took on a client who was concerned about having employee credentials on the Dark Web. They signed up for our 30-day Dark Web security trial, which led to a discovery that could have seriously impacted their business.

Our initial review immediately revealed the following issues:

  1. Lack of complexity – Most users were not using the type of password complexity needed to meet current security standards, including password length, characters and symbols, and uniqueness.
  2. Prolonged periods between password changes – Employees were waiting between 12 and 18 months to change their system passwords. There was no auto prompt requiring users to change them.
  3. Passwords in emails – We found instances of sensitive information, like passwords, directly in the body of emails.

The company did not have documented password security protocols and employees were not educated on password best practices when creating and maintaining their credentials.

Identifying an Issue Via Dark Web Monitoring

Three weeks after the company signed up for their trial, our help desk received a ticket alert that an employee’s work email and password were discovered during a routine Dark Web scan. We took this information back to the company and confirmed with the employee that the report was valid.

Further investigation revealed that the email address and password found on the Dark Web were the same ones the employee used to access the company network. The employee had used work credentials to sign up for sports news from a questionable website – which was either a front or had been hacked.

If no action had been taken, this information might have caused a host of problems. Hackers could have:

  • Logged into employees’ emails and tracked their activity
  • Stolen sensitive information sent within emails
  • Accessed company systems and compromised more data
  • Uploaded ransomware or other malware and taken control of the company’s network

Addressing the Issue and Moving Forward

Once the credentials were found on the Dark Web, we immediately took the following steps to ensure the integrity of the company’s system:

  1. Deleted the employee’s old credentials and issued a new, complex password
  2. Scanned the network for any embedded viruses, malware or signs of unusual activity
  3. Attempted to get a response from the sports website, but received none
  4. Scheduled comprehensive scans for the next 6 months to monitor activity on the network

On-Site Computers used the experience to reinforce the importance of enforcing password protocols and to illustrate how the company’s current culture could have led to data being compromised. With the experience still fresh, the company implemented the following steps to protect against future attacks:

  • Created and enforced policies requiring users to create complex passwords for any system access
  • Signed up for advanced monitoring and continuous scanning for a year
  • Scheduled a cybersecurity training session for employees
  • Began conducting phishing tests for user awareness of social engineering attacks

Signing up for On-Site Computers’ Dark Web monitoring program and implementing the suggested security protocols allowed our client to feel secure that their network and data were safe from hackers.

If your company is looking for peace of mind when it comes to your security, contact On-Site Computers at (800) 669-8513 or online for a free 30-day Dark Web monitoring trial. You’ll discover if your information is already on the Dark Web and learn how our monitoring system can prevent future attacks.
