Note: 1Password has not been compromised. This blog post provides practical tips to protect your organization from a recent string of credential-based breaches.
Over the last few months, there have been a number of credential-based breaches, including the attacks on Ticketmaster, Santander Bank, and others.
As details regarding this string of attacks continue to be uncovered, it is critical that organizations take precautionary measures to protect themselves and their customers from being compromised by cybercriminals. While the details may be murky, it’s likely that cybercriminals are successfully “stuffing” stolen credentials into numerous systems and databases to see what they can unlock. This underscores the consequences of a risky behavior common among employees: reusing the same email and password on multiple sites.
What to do about credential-based data breaches
Given that this breach may be using credentials from large collections of compromised data, like the Mother of All Breaches or rockyou2024, there is risk for every organization and individual reusing credentials in multiple places. This is especially true for applications or websites that may contain sensitive data, such as cloud databases like Snowflake.
The main action organizations should take is to require employees to change any passwords that are reused in multiple places and replace them with strong and unique passwords. Given the scope and sheer number of credentials involved, organizations should use an enterprise password manager to manage this process.
Below are five ways organizations can shore up defenses from these types of cyberattacks and prevent unauthorized access:
- Use contextual access management to review access requests against defined policies, such as location, device health, and configuration.
- Use multi-factor authentication to ensure that users require more than just a username/password to access tools with sensitive data. This extra layer of security can go a long way to slowing or preventing attacks like credential stuffing.
- Implement and enforce strong password policies, including strong, unique passwords for every account and system. This is the only way to ensure that if a single account’s credentials are stolen, no other systems are put at risk. In terms of requirements, CISA has published guidelines for strong passwords that can be used in developing policies.
- Use passkeys wherever possible to bypass having to use passwords. 1Password has the ability to provide an alert if a service is eligible for passkeys or you can visit passkeys.directory to view eligible services.
- Discover and secure unmanaged applications in order to minimize the number of credentials that may be weak or reused in your organization.
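The reuse audit described above, as an added example that is not 1Password’s own code or export format: it groups a constructed credential inventory by password digest, flags passwords that are reused across sites or users, and checks each digest against a constructed stand-in for a leaked-password corpus; the field names and the sample values are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory; not a real 1Password export, field names are assumed.
SAMPLE_VAULT = [
    {"site": "crm.example.com", "user": "alice@example.com", "password": "Summer2023!"},
    {"site": "warehouse.example.com", "user": "alice@example.com", "password": "Summer2023!"},
    {"site": "wiki.example.com", "user": "alice@example.com", "password": "pV9#wL2q!zR8mT4d"},
    {"site": "mail.example.com", "user": "bob@example.com", "password": "password123"},
    {"site": "vpn.example.com", "user": "bob@example.com", "password": "password123"},
    {"site": "git.example.com", "user": "carol@example.com", "password": "Tr0ub4dor&3"},
]

def sha1_hex(password: str) -> str:
    """Hash a password so the audit compares digests rather than plaintext."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a leaked-password corpus (a rockyou-style list), held as
# SHA-1 digests. A real check would use a full corpus or a k-anonymity lookup API.
BREACHED_SHA1 = {sha1_hex(p) for p in ("password123", "123456", "qwerty", "letmein")}

def audit(entries, breached_hashes):
    """Return {(site, user): sorted reasons} for every credential that must be rotated.

    A credential is flagged "reused" when its password appears on more than one
    site or user, and "breached" when its digest is in the leaked corpus.
    """
    by_digest = defaultdict(list)
    for entry in entries:
        by_digest[sha1_hex(entry["password"])].append(entry)

    findings = {}
    for digest, group in by_digest.items():
        reasons = []
        if len(group) > 1:
            reasons.append("reused")
        if digest in breached_hashes:
            reasons.append("breached")
        if not reasons:
            continue
        for entry in group:
            findings[(entry["site"], entry["user"])] = sorted(reasons)
    return findings

def rotation_order(findings):
    """Breached credentials first, then reused ones, each sorted by site for a stable list."""
    return sorted(findings, key=lambda key: ("breached" not in findings[key], key))

if __name__ == "__main__":
    result = audit(SAMPLE_VAULT, BREACHED_SHA1)
    for site, user in rotation_order(result):
        print(f"{site:<24} {user:<20} {', '.join(result[(site, user)])}")
```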
How 1Password can help
The biggest challenge with breaches of this magnitude is that virtually any and every company is at risk. 1Password helps organizations secure credentials across your entire organization and across tools you may not have visibility into. With 1Password, you can:
- Secure web accounts and unmanaged tools, including shadow IT, that your employees bring in from the edge, which may unknowingly contain customer data.
- Enforce password and device health policies and provide employees with an easy-to-use interface that makes access easier for them in the process.
- Implement passkeys across your organization for a stronger method of authentication. 1Password has a free tool, Passkey Ready, that can help users gauge passkey readiness.
- Integrate with SIEM tools to monitor events that occur on credentials stored in 1Password, providing a better view into anomalous behavior.
The key takeaway: when every employee uses a unique password for every business site and data store, a stolen password in one place won’t lead to a data breach in another.
If you need help or support addressing this breach, contact us today.
See below for additional resources regarding implementing MFA and strong password policies.