The tendency of people to use the same password for multiple accounts presents a vexing challenge for teams tasked with safeguarding those accounts, not only in a customer-facing capacity, but also with respect to employees. Password reuse allows adversaries with access to compromised credentials to access multiple business and personal accounts, putting enterprises and individuals at risk to account takeover, fraud, and misuse.
As the technology and tools to leverage stolen credentials advance, organizations must have awareness of their exposure to credential breaches, as well as exposed domains and passwords. However, the illicit communities in which threat actors exchange stolen credentials are difficult—and often risky—to access and monitor. Flashpoint has established expansive visibility into compromised credentials datasets from a wide range of sources, including deep and dark web (DDW) forums, encrypted chat services platforms, publicly released data leaks, and private threat actor groups. In turn, this visibility equips organizations with the data needed to mitigate risk to their business and customers.
Flashpoint understands the challenges of protecting customer and enterprise accounts from the phishing, brute-force, and credential stuffing attacks that facilitate account takeover (ATO). To that end, we’ve specifically designed our new Compromised Credentials Monitoring (CCM) offering to help teams identify and mitigate these threats by allowing users to monitor exposure of compromised credentials for their enterprise domains and customer email addresses in order to take quick and effective action after breaches.
On an ongoing basis, Flashpoint’s advanced technology gathers compromised credentials data, allowing for organizations to access the most up-to-date breach data and receive notification as soon as compromised credentials have been identified. Flashpoint intelligence analysts have spent years monitoring illicit communities, and are armed with the skill sets and accesses to obtain data when and where compromised databases and credentials are exposed. Their familiarity with threat actor tactics, techniques and procedures (TTPs) allows them to identify recycled data leaks claimed by actors as new leaks, and ensure customers are provided the most relevant and recent compromised credentials.
Flashpoint Compromised Credentials Monitoring (CCM) includes two offerings:
CCM – Enterprise
Abuse of employee credentials can grant attackers to your organization’s network and expose sensitive business and personal data. CCM – Enterprise enables organizations to search and monitor Flashpoint’s unique collections for compromised enterprise accounts and passwords in order to flag accounts, reset employee passwords, and restrict permissions to prevent actors from accessing confidential or personally identifiable information (PII).
Flashpoint’s ability to filter compromised email addresses that do not meet an organization’s password requirements, or identify only data from recent and relevant breaches, allows users to receive alerts on actionable data, saving time and resources. Companies can leverage Flashpoint’s API and data to automate workflows to reset exposed employee credentials, restrict access to resources, or receive notifications when a compromise has been detected. CCM – Enterprise also helps companies uphold strict password policies by ensuring employees’ credentials are unique and complex.
CCM – Customer
For businesses, the risk of account takeover through the targeting of customer accounts can pose a financial and/or reputational liability. CCM – Customer supports fraud loss avoidance by allowing organizations to monitor for compromised customer credentials, while enabling enterprises to prevent fraudulent activity and protect their client base.
CCM – Customer can help inform organizations’ policy decisions about whether to automate a password-reset process, monitor and flag an account, or notify a customer about their exposure. CCM – Customer can also ensure strong, unique passwords by preventing users from setting a password that is found within our compromised credentials datasets.