Not Your Breach, Still Your Problem

Next: Holiday Sales on the Dark Web
Previous: Poseiden and the Brazilian Data Deluge
Even when you aren't the source of a data breach, you can still be on the hook.
Writer Emily W.
January 25, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

Given the increase in large and widespread data breaches, organizations find themselves facing issues of user security and fraudulent activity — even if their systems were never breached. A user who maintains the same credentials across multiple sites may find several of their accounts exploited as a result of a data breach at just a single one of these services. The continued appearance of Fitbit user data, Spotify accounts, or Netflix logins could represent small breaches across each of these services, or simply a waterfall effect from other leaks we’ve seen in the last several months. Organizations increasingly shoulder responsibility for broader user security, and absorb the inevitable fall-out from data breach headlines.

These dumps of user accounts are widely available for sale (or even posted for free, as either samples or as a means of economic vandalism) in dumps across the light and dark web, with dozens of accounts from several services appearing each day. Security officials are now ultimately responsible for the impact of these user accounts; they need to have eyes open and ears to the ground at all times. These accounts could represent a slow trickle of concern from an external breach, or could be indicative of a bigger internal problem. As such, the expectations are now for constant vigilance on the appearance of user information. Remediation is no longer limited to internal breaches.

Security executives are struggling to account for the increase in responsibilities as a result of this change in scope. Further, these officials have no way of knowing how many breaches their users might be impacted by as time goes on. The compounded effect of one external breach after another can slowly chip away at the security of user accounts within an organization, without ever sending up a red flag. Thirty users in one outside breach, twenty here, a few hundred there, and slowly the vulnerabilities build.

Matchlight can help. Through our patented monitoring technology, Matchlight serves as your eyes and ears on the web, alerting you the instant your customer information or accounts appear where they shouldn’t. Whether monitoring specific sensitive data, or broader corporate information, Matchlight strengthens organizational security to expand your visibility — know what’s happening, as it’s happening, without waiting for third-party notifications.

analysis March 20, 2019
Trends and Projections: Shifting Law Enforcement

For the first post in the Trends and Projections series, we unpack the increased law enforcement attention toward cyber-enabled fraud and the shift in resources allocated to taking down dark web communities trading compromised...

analysis January 24, 2019
Collection #1: Why You Should Care but Not Panic

January is not yet over and 2019 has already brought us the second biggest collection of stolen data in history. Unlike traditional data breaches, Collection #1 is actually a massive collection of smaller credential...