The simplest way for attackers to access your organisations information assets is by using an employee’s username and password.

Where employees are required to access external systems, this often creates problems for an organisation.  When an employee is assigned a username and password, on first login they will be prompted to change the password.  Since they can choose the new password, they will choose something that is simple and easy to remember.

Since most systems today use passwords to provide access, the employee probably has a lot of passwords to remember.  In order to remember the password, the employee will use the same password as for all other accounts including your internal system accounts.

The security risk arises when external services used by the employee are hacked, or a leak occurs.  Since the employee uses the same email address and password, anyone who obtains the leaked credentials can subsequently login to the company’s system.

If the attacker is a skilled hacker, this can mean considerable damage to the company.

Password monitoring

The solution to this problem is our password monitoring service.  This service is integrated into the Safestate platform and it continuously and actively searches for new leaks (manually and automatically) in:

  • Dumped and leaked text (Pastebins)
  • Highly protected forums on the Darknet
  • Protected forums on the Clearweb
  • TOR and I2P networks
  • P2P networks (Dumped torrents)
  • Web directories on the Clearweb
  • Databases for leaked data (MongoDB)
  • Cloud sharing services (Mega/Cloud drive)

By using our password monitoring service, you get an alarm immediately when a user’s information has been leaked.  The advantage of this is that you gain time so that you have time to change the password on the leaked account.  By doing so, you can significantly reduce the risk of being victim of a cyberattack or information leak.

Free is not always good
We are sometimes asked why a customer should use our service and not a free service.  The answer is quite simple – we have the resources and systems to actively search for leaks which allows us to find leaks faster.  We don’t just search publicly which means the time between when the content of the leak is published or sold until an attacker tests the credentials on your systems is minimal.

The following is a comparison between HaveIBeenPwned and our service.

Safestate HaveIBeenPwned
Leaked accounts 26 biljoner 10 biljoner
Number of leaks 5 000+ 479
Can alert about new leaks x x
Looks for public well-known leaks x x
Protects all domain email addresses x
Looks for hidden leaks x
Actively & automatically searches for new leaks x

Nyfiken på Safestate?

Nu kan du testa Safestate helt kostnadsfritt. Sårbarhetsskanna ditt företags webb, skicka ut ett phishingtest eller börja arbeta med dina risker. Klicka på länken nedan för att registrera ett gratiskonto.