How To Detect and Protect Against An Email Password Leak
“Has my email and password been leaked?”
This is a question you don’t want to be asking yourself, but it’s unfortunately a common occurrence. Email password leaks are some of the most frequent and dangerous cyberattacks. While they don’t do damage on their own, they reveal sensitive data that can be used to fuel bigger and much more devastating cybercrimes.
If you’re a large organization, how do you effectively protect your employees’ passwords from being leaked? You need a framework that includes strong password processes and an effective email security provider.
Email Password Leaks are Increasingly Common
Data leaks and breaches happen frequently. News stories on leaks involving millions of passwords seem to pop up a few times a year. RockYou2021 is a recent example, where an anonymous forum user leaked 8.4 billion passwords. Verizon’s 2021 data breach report identified over 5,000 data breaches in 2020 alone, a substantial increase from the year before.
The Verizon report also found that 8 out of 10 data breaches were due to stolen passwords. This is exactly what happened with the New York City Law Department. In 2021, a single stolen password allowed a hacker to breach the department’s database. As a result, the perpetrators gained access to incredibly sensitive information, such as medical records, records of police misconduct, the identities of young criminals, and thousands of employee records.
With the high frequency of data breaches and the ability to compromise an entire database with a single account, detecting and preventing password leaks is vital.
Has Your Email Password Leaked?
If you suspect your password was leaked, there are two quick ways to check.
First, use a compromised credential checking service. This is a feature now included in many password managers, browser extensions, and operating systems. If you use Google Chrome, for example, the browser will alert you if any saved usernames and passwords have been compromised in a data breach.
Second, there are free data breach search websites you can use to see if any of your personal data was compromised. These sites track and archive data breach dumps.
You might be surprised to find several of your accounts associated with a breach, some of which you’ve likely forgotten about. And if you use similar usernames and passwords across several accounts, one leaked password could put several accounts at risk.
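One way a compromised-credential check can work without handing the password to the checking service is a hash-prefix (k-anonymity) range lookup. The sketch below is an added example, not code from the original article; the corpus, the function names and the prefix length are assumptions made for illustration.

```python
import hashlib

# Constructed sample corpus standing in for a breach dump (not real leak data).
BREACHED_PASSWORDS = ["password1", "qwerty123", "letmein", "Summer2021!"]

PREFIX_LEN = 5  # assumed: hex characters of the digest revealed to the service


def sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key for bucketing,
    # not as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Service side: group breached-password digests by their prefix."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def range_query(index, prefix):
    """Service side: return every digest suffix stored under a prefix.
    The service sees only the prefix, never the full digest or password."""
    return index.get(prefix, set())


def is_breached(index, password):
    """Client side: send the prefix, then compare suffixes locally."""
    digest = sha1_hex(password)
    suffixes = range_query(index, digest[:PREFIX_LEN])
    return digest[PREFIX_LEN:] in suffixes


if __name__ == "__main__":
    idx = build_index(BREACHED_PASSWORDS)
    for candidate in ("letmein", "correct horse battery staple"):
        print(candidate, "->", "breached" if is_breached(idx, candidate) else "not found")
```

Because many different digests share any given prefix, the service cannot tell which password the client was asking about.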
Types of Password Leaks
A password leak, database breach, or any other password-based cyberattack is very dangerous. When done right, it can look legitimate, because the attacker appears to be using valid credentials to gain access. But how do attackers get hold of leaked passwords and compromised credentials in the first place? Here are the most common ways:
Phishing: One of the most common and relatively effective ways of getting someone’s username or password. Credential phishing involves tricking a person into divulging confidential information. Often, the attacker impersonates a legitimate agency or company to seem more trustworthy to the victim.
Brute force: An attacker uses trial and error to run through all the possible password combinations to gain access to an account. Brute force is the least sophisticated and, therefore, slowest method.
Keyloggers: An attacker infects a user’s computer with malware that tracks everything they type and input online, including login credentials.
Man in the middle (MITM) attacks: A cybercriminal can compromise a router or unsecured network to intercept communications between people, including sensitive information like passwords.
Notable Password Breaches and Leaks
There have been numerous data breaches and leaks over the years. Here are some notable ones where passwords or security questions were compromised.
Yahoo: The company has fallen victim to large-scale data breaches several times, most notably in 2013 and 2014. About 3 billion user accounts and their security questions and answers were impacted, making it the largest known data breach. Yahoo alleges that the breaches were caused by state-sponsored actors, though some researchers doubt the claim.
MySpace: In 2013, a Russian hacker compromised 360 million MySpace accounts, including names, usernames, and birthdays. MySpace invalidated passwords for any accounts created before that year.
NetEase: In 2015, the email addresses and plaintext passwords of about 230 million NetEase users were breached.
Adobe: Adobe saw 153 million plaintext account passwords and hints breached in 2013.
Evite: 101 million Evite users had their email addresses and plaintext passwords breached in 2013.
While data breaches are still quite frequent, large-scale plaintext password dumps are thankfully less common, especially today. Companies and organizations are generally better about encrypting passwords and sensitive data after several embarrassing instances of leaks and breaches.
How to Protect Your Database From an Email Password Leak
Protecting your organization from having its password database leaked by attackers is crucial: a single password leak can lead to a large-scale data breach. One individual compromised account is enough for cybercriminals to enter a secure network. You need a strong email protection framework with the following features.
One of the best defenses you have against email password leaks is encryption. It’ll jumble database records from plaintext into unintelligible text. Even if an attacker breaches your database, they won’t be able to use the data. The only way to reverse it is to know the decryption key, which only you have.
Strict password standards
Don’t rely on passwords alone. Require multiple layers of authentication in case your users’ login credentials get compromised. Use multi-factor authentication (MFA) or biometrics, for example, to ensure that a password leak isn’t enough to log in to an account. It’s also good management practice to require employees to change their passwords regularly.
Email security solution
You need a protocol in place that can quickly detect and respond to account compromise from a password leak. This is where Abnormal Security comes in. Our email security solution can detect when a login is suspicious (for example, when it comes from an unusual location or IP address), even if the right credentials were used.
When an unauthorized login is confirmed, we automatically block the account in question and log it out of all active sessions. This helps prevent further attacks from the compromised account. Similarly, we can also detect if a vendor’s account has been compromised. Third-party account compromise is a common avenue for phishing attacks.
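To make the idea of flagging a login from an unusual location concrete, the following added example runs two simple checks over constructed sign-in events: a country not seen before for that user, and travel faster than is physically plausible. It is not Abnormal’s detection logic or code from the original article; the event fields, the speed threshold and the function names are assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events: successful logins with valid credentials.
# Fields: user, UTC timestamp, source IP (documentation ranges), country, lat, lon
EVENTS = [
    ("alice", "2021-09-01T08:00:00", "192.0.2.10", "US", 40.71, -74.01),
    ("alice", "2021-09-02T08:05:00", "192.0.2.10", "US", 40.71, -74.01),
    ("alice", "2021-09-02T09:00:00", "203.0.113.7", "RO", 44.43, 26.10),
    ("bob", "2021-09-01T10:00:00", "198.51.100.4", "GB", 51.51, -0.13),
    ("bob", "2021-09-03T10:00:00", "198.51.100.9", "FR", 48.86, 2.35),
]

MAX_KMH = 900  # assumed ceiling, roughly airliner cruising speed


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine formula) in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def flag_suspicious(events):
    """Return (user, ip, reasons) for logins that break the user's history."""
    last = {}  # user -> (time, lat, lon) of the previous login
    seen = {}  # user -> set of countries already observed
    alerts = []
    for user, ts, ip, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        # The first login for a user only sets the baseline; it is not flagged.
        if user in seen and country not in seen[user]:
            reasons.append("new_country")
        if user in last:
            p_when, p_lat, p_lon = last[user]
            hours = (when - p_when).total_seconds() / 3600
            # Written as a product so a zero time gap cannot divide by zero.
            if km_between(p_lat, p_lon, lat, lon) > MAX_KMH * hours:
                reasons.append("impossible_travel")
        if reasons:
            alerts.append((user, ip, reasons))
        seen.setdefault(user, set()).add(country)
        last[user] = (when, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in flag_suspicious(EVENTS):
        print(alert)
```

A new country on its own is a weak signal (travel, VPNs), so in practice it would be scored alongside other context rather than blocking by itself; the impossible-travel case is the stronger of the two.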
To learn more about how Abnormal stops email password leaks, request a demo of the platform today.