Five Ways to Protect Your Business Against Credential-Based Data Breaches

Note: 1Password has not been compromised. This blog post provides practical tips to protect your organization from a recent string of credential-based breaches.

Over the last few months, there have been a number of credential-based breaches, including the attacks on Ticketmaster, Santander Bank, and others.

As details regarding this string of attacks continue to be uncovered, it is critical that organizations take precautionary measures in order to protect themselves and their customers from potentially being compromised by cybercriminals. While the details may be murky, it’s likely that cybercriminals are successfully “stuffing” stolen credentials into numerous systems and databases to see what they can unlock. This underscores the consequences of risky behavior many employees have of reusing the same email and password on multiple sites.

What happened? Recently, there has been a string of high-profile attacks on large organizations. These attacks have been primarily credential-based and focused on cloud-based data platforms, resulting in the theft of sensitive information. Organizations that are not using multi-factor authentication (MFA) have been particularly at risk.

Who’s impacted? Currently, more than 165 organizations have been impacted, and it is unclear how widespread these attacks will become. If your organization is using credentials in any manner, it may be at risk from this attack.

How can I tell if I’ve been breached? It’s imperative to begin monitoring security data and logs for anomalous behavior that can indicate a security incident. This includes analyzing access logs for context that may indicate a breach, such as access from uncommon locations or at odd times. You can also use Have I Been Pwned to see if a specific email address has been impacted by recent breaches.

If your company is a 1Password customer, you can also check Business WatchTower to see if any employee email addresses have been impacted.

What to do about credential-based data breaches

Given that this breach may be using credentials from large collections of compromised data, like the Mother of All Breaches or rockyou2024, there is risk for every organization and individual reusing credentials in multiple places. This is especially true for applications or websites that may contain sensitive data, such as cloud databases like Snowflake.

The main action organizations should take is to require employees to change any passwords that are reused in multiple places and replace them with strong and unique passwords. Given the scope and sheer number of credentials involved, organizations should use an enterprise password manager to manage this process.

Below are five ways organizations can shore up defenses from these types of cyberattacks and prevent unauthorized access:

Use contextual access management to review access requests against defined policies, such as location, device health, and configuration.
Use multi-factor authentication to ensure that users require more than just a username/password to access tools with sensitive data. This extra layer of security can go a long way to slowing or preventing attacks like credential stuffing.
Implement and enforce strong password policies including having strong, unique passwords for every account and system. This is the only way to ensure that if a single accounts’ credentials are stolen, that no other systems will be at risk. In terms of requirements, CISA has published guidelines for strong passwords that can be used in developing policies.
Use passkeys wherever possible to bypass having to use passwords. 1Password has the ability to provide an alert if a service is eligible for passkeys or you can visit passkeys.directory to view eligible services.
Discover and secure unmanaged applications in order to minimize the number of credentials that may be weak or reused in your organization.

How 1Password can help

The biggest challenge with breaches of this magnitude is that virtually any and every company is at risk. 1Password helps organizations secure credentials across your entire organization and across tools you may not have visibility into. With 1Password, you can:

Secure web accounts and unmanaged tools, including shadow IT, that your employees bring in from the edge, which may unknowingly contain customer data.
Enforce password and device health policies and provide employees with an easy-to-use interface that makes access easier for them in the process.
Implement passkeys across your organization for a stronger method of authentication. 1Password has a free tool, Passkey Ready, that can help users gauge passkey readiness.
Integrate with SIEM tools to monitor events that occur on credentials stored in 1Password, providing a better view into anomalous behavior.

The key takeaway: by requiring that every employee use a unique password for every business site and data store, then a stolen password in one place won’t lead to a data breach in another.

If you need help or support addressing this breach, contact us today.

See below for additional resources regarding implementing MFA and strong password policies.

1Password

Credential-based data breaches: Five ways to shore up defenses and prevent unauthorized access

TIPS & ADVICE

BUSINESS

What to do about credential-based data breaches

How 1Password can help

Tweet about this post

Continue Reading

What to do if you were impacted by “The Mother of All Breaches”

CISA: Enforcing a password manager protects your business

What to do about credential-based data breaches

How 1Password can help

Tweet about this post

Continue Reading

What to do if you were impacted by “The Mother of All Breaches”

NEWS

TIPS & ADVICE

CISA: Enforcing a password manager protects your business

NEWS

SECURITY