You’ve seen the headlines like, “New Dark Web Audit Reveals 15 Billion Stolen Logins From 100,000 Breaches,” but have you ever actually tried to find out if your password(s) are among those up for sale on the Dark Web? It’s something you want to know so that you can immediately change your passwords, and that’s exactly where a stolen password scanner comes in handy to help with preventing account takeover.

Who is stolen password scanning for?

Anyone with an email address that uses the internet will benefit from using a stolen password scanner. Employees use their email to login to all sorts of things from accounting systems to project management tools and remote meeting sites. And if you don’t have a Technology & Data Use Policy in place, it’s possible that employees are using their work email addresses for personal things like shopping and online banking.

What is a stolen password scanner?

Cybercriminals use a variety of techniques to acquire and/or crack passwords which they then aim to then sell, trade, and share on the digital underground: The Dark Web. A stolen password scanner regularly scans the Dark Web for any stolen passwords and other credentials and compiles a database of the compromised information. Sometimes a stolen password scanner will purchase blocks of stolen credentials from cybercriminals to get it off the Dark Web. The scanner usually delivers timely results in report format identifying things like which credentials are found, where they were mined from, the breach they might have been associated with, and event sometimes the actual passwords themselves.

When does stolen password scanning matter?

It’s important to regularly scan the Dark Web for stolen passwords to avoid potential damage a data breach can cause your company. Early detection of password theft not only alerts administrators and employees to change their passwords (to something strong!) before criminals get to use them, but also allows you to more quickly identify potential breaches and take additional precautionary measures. It’s especially important given so many users recycle their passwords, using the same password across many systems.

Where does stolen password scanning occur?

Stolen password tools are automated scanners, crawlers, and scrapers that locate stolen credentials across the internet (often the Dark Web). Some of these tools go a step further and have a team of researchers behind them who look in forums and chat rooms for stolen data as soon as possible after a breach. Once stolen credentials have been located, they are compiled into a database that can be searched to see if one’s credentials have been compromised.

Why is stolen password scanning important?

There are the obvious reasons, like the mere fact that you simply don’t’ want anyone gaining unauthorized access to accounts they’ve acquired login credentials for. And then there are the not-so-obvious reasons, some food for thought:

  • Security is all about convenience and many people just don’t want to deal with managing a vast number of passwords. That’s why password recycling (i.e. reusing the same password across systems, both company and personal) is so prevalent. If you don’t believe it, check out 8 Scary Statistics about the Password Reuse Problem over at Security Boulevard. If so many users are reusing their passwords, then what happens if their credentials are stolen from just one of the sites or systems the login to? They get put up on the Dark Web and cybercriminals have a field day running those credentials anywhere they can get their hands on. Just think: The employee who signed up for an account and ordered a pizza online from the local shop who was just breached may very well be using the same password for the corporate network or banking system. It’s recipe for disaster, and that’s why it’s so very important to closely monitor for stolen passwords and take swift action when they’re found.

A direct hit means taking direct action

So you see an employee’s email address and password show up in stolen password scanner results, what do you do now?

  1. Require employees with compromised credentials to change their passwords (or have IT help with it) to any account that was using that password and make sure they are all unique – strong passwords recommended and no password recycling!
  2. Create (or update) a Technology & Data Use Policy that does not allow employees to use their company email addresses for personal use to reduce the risk of a cybersecurity incident.
  3. Run a Vulnerability Scan to find out if anything on your network has been compromised.
  4. Monitor affected accounts and related email activity regularly to see if anything else comes up.
  5. Where it’s an option, turn on Two-Factor Authentication for any accounts impacted. In fact, turn it on everywhere you can!

If password maintenance is the major hurdle for you or your organization—and it is for many—just remember there are lots of tools out there that can help. Vault your cybersecurity posture with regular stolen password scanning and also consider a password vault that does the grunt work for you.