Compromised Credentials, Customer Satisfaction and Your Bottom Line
Smriti Jaggi, Product Management
February 2020
Confidential /
Data breaches are becoming bigger and more frequent each year. ~4.1 billion records were breached in the first half of 2019 alone!

- 2.5 million Xbox and PlayStation gamers' details hacked
- 60 million Dropbox user details stolen
- 7 million accounts for Minecraft community 'Lifeboat'
- 145 million Social Security numbers, 99 million addresses and more
- 1 billion users affected
- 1.7 million Imgur user accounts were compromised
- vBulletin forums hacked; 819,977 accounts leaked on hacking forums
- 3,120 employees and contractors had their login information compromised
- 1.5 million Instagram users: 13 infected Android apps on Google Play phishing Instagram accounts
- Millions of Steam game keys stolen
- 10+ Billion
Data Breaches - Stats at a glance…
After any breach: reset user passwords! This hurts user engagement: ~14% of users return less frequently when forced to reset their password.
1. Case Study of Yahoo's Data Breach
Figure: Yahoo Breach timeline. Yahoo Breach: 8/2013. Breach Discovered: 7/2016. Markers on the timeline: "Credential Stuffing starts", "Some credentials for sale on dark web", "Most credentials for sale on dark web", "When current methods find the stolen credentials".

- The Yahoo breach was detected after 3 years.
- Credentials were available on the dark web after 3 years.
- Credentials are now also available on public sites.
- Monetization of the credentials began way back in 2013.
- Hackers sell the credentials on the dark web only after monetization; until then the stolen credentials are not available on the dark web.

Peace_of_Mind said the data dates back to 2012 and that he had been selling them privately since late 2015.
2. Value of Stolen Credentials over time
Figure: Credential Spill Value over time. Y-axis: Credential Spill Value. X-axis: time, from Day 0 (Data Breach) to Day 456 (average time before a breach is reported). The curve is divided into four phases:
- Tier 1 attacks: Attacker
- Tier 2 attacks: Attacker's Associates
- Tier 3 attacks: Dark web
- Tier 4 attacks: Public

Stolen credentials decrease in value over time. The dark web has only a fraction of spilled credentials.
Hackers monetize the credentials first to gain maximum value.
Credentials are then sold to associates to get additional ROI.
Credentials are made publicly available on the dark web in Phase 3.
Data breaches take time to be reported publicly.
A larger group of attackers leverages publicly spilled credentials.
Too late! When is the right time to identify spilled credentials?
Here (marked on the figure) is when you need to identify spilled credentials.
Check Quality of Customer Credentials

NIST recommends checking customer credentials:
"...it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, ..."

Against what? Most dark web content is already stale and recycled: TOO OLD.
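The NIST recommendation above (the quoted text is from NIST SP 800-63B) is a check a service can implement itself. The following is an added example, not code from the deck, from Shape Security or from the Blackfish product: a breached-password blocklist check using the k-anonymity range-query pattern, in which the client hashes the candidate password locally, sends only the first five hex characters of the SHA-1 hash to the corpus holder, receives every matching suffix, and matches locally, so neither the password nor its full hash leaves the client. The corpus (`SAMPLE_BREACH_CORPUS`), the `BreachCorpusServer` class and the function names are constructed for this illustration; a real corpus is the large breach list the text refers to.

```python
"""
Added example (not the deck's or Blackfish's code): a NIST-style breached-password
blocklist check with a k-anonymity range query over a constructed breach corpus.
"""
import hashlib
from typing import Dict, Iterable, List

# Constructed sample corpus standing in for "previous breach corpuses".
SAMPLE_BREACH_CORPUS: List[str] = [
    "password", "123456", "qwerty", "letmein", "yahoo2013",
]

PREFIX_LEN = 5  # hex characters of the SHA-1 hash that the client reveals


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 encoded password (the form breach lists use)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachCorpusServer:
    """Hypothetical corpus holder: stores hash suffixes bucketed by 5-char prefix."""

    def __init__(self, passwords: Iterable[str]) -> None:
        self._buckets: Dict[str, List[str]] = {}
        for pw in passwords:
            h = sha1_hex(pw)
            self._buckets.setdefault(h[:PREFIX_LEN], []).append(h[PREFIX_LEN:])

    def range_query(self, prefix: str) -> List[str]:
        """Return every stored suffix whose hash starts with prefix (sorted; may be empty)."""
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be %d upper-case hex characters" % PREFIX_LEN)
        return sorted(self._buckets.get(prefix, []))


def is_breached(password: str, server: BreachCorpusServer) -> bool:
    """Client side: hash locally, send only the prefix, compare the suffix locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    return suffix in server.range_query(prefix)


def evaluate_password(password: str, server: BreachCorpusServer, min_len: int = 8) -> str:
    """Apply a length floor and the blocklist check; returns 'ok' or the rejection reason."""
    if len(password) < min_len:
        return "too short"
    if is_breached(password, server):
        return "found in breach corpus"
    return "ok"


if __name__ == "__main__":
    srv = BreachCorpusServer(SAMPLE_BREACH_CORPUS)
    for candidate in ["password", "yahoo2013", "correct horse battery staple"]:
        print(candidate, "->", evaluate_password(candidate, srv))
```

The server never learns which of the suffixes in a bucket the client was interested in, which is why the prefix length is kept short; the check is only as fresh as the corpus behind it, which is the point the slide makes about stale dark web content.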
Dark web credentials may offer <10% coverage at best:
- Billions of credentials are stolen
- Only a fraction are available on the dark web
- Some spills are detected (later)
3. Solution: Blackfish
Figure: the same Credential Spill Value curve (Day 0 Data Breach to Day 456, the average time before a breach is reported; Tier 1 attacks: Attacker; Tier 2 attacks: Attacker's Associates; Tier 3 attacks: Dark web; Tier 4 attacks: Public) with the Blackfish Network overlaid.

Blackfish Network: most complete list of spilled credentials
- 9+ Billion Publicly Available Credentials
- 500 Million Actively Exploited Credentials

Blackfish not only includes publicly available credentials... but also includes actively exploited credentials. Shape has the most complete list of spilled credentials.
10M+ users have their credentials leaked in data breaches. Roughly 7 in 10 queries to Blackfish for personal email addresses result in a hit…
Figure: Exploited Credentials NOT publicly available on Dark Web: 96% (daily chart, Friday through Thursday).

As soon as stolen credentials are tried anywhere, they are rendered useless everywhere.
The Blackfish Network

THANK YOU
shapesecurity.com