analysis

Not Your Breach, Still Your Problem

Even when you aren't the source of a data breach, you can still be on the hook.
Writer
January 25, 2016

Given the increase in large and widespread data breaches, organizations find themselves facing issues of user security and fraudulent activity — even if their systems were never breached. A user who maintains the same credentials across multiple sites may find several of their accounts exploited as a result of a data breach at just a single one of these services. The continued appearance of Fitbit user data, Spotify accounts, or Netflix logins could represent small breaches across each of these services, or simply a waterfall effect from other leaks we’ve seen in the last several months. Organizations increasingly shoulder responsibility for broader user security, and absorb the inevitable fall-out from data breach headlines.

These dumps of user accounts are widely available for sale (or even posted for free, as either samples or as a means of economic vandalism) in dumps across the light and dark web, with dozens of accounts from several services appearing each day. Security officials are now ultimately responsible for the impact of these user accounts; they need to have eyes open and ears to the ground at all times. These accounts could represent a slow trickle of concern from an external breach, or could be indicative of a bigger internal problem. As such, the expectations are now for constant vigilance on the appearance of user information. Remediation is no longer limited to internal breaches.

Security executives are struggling to account for the increase in responsibilities as a result of this change in scope. Further, these officials have no way of knowing how many breaches their users might be impacted by as time goes on. The compounded effect of one external breach after another can slowly chip away at the security of user accounts within an organization, without ever sending up a red flag. Thirty users in one outside breach, twenty here, a few hundred there, and slowly the vulnerabilities build.

Matchlight can help. Through our patented monitoring technology, Matchlight serves as your eyes and ears on the web, alerting you the instant your customer information or accounts appear where they shouldn’t. Whether monitoring specific sensitive data, or broader corporate information, Matchlight strengthens organizational security to expand your visibility — know what’s happening, as it’s happening, without waiting for third-party notifications.

About the author
Emily W. Emily serves as the Director of Analysis at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).