[SANS ISC] Are Leaked Credentials Dumps Used by Attackers?

Today, I published the following diary on isc.sans.edu: “Are Leaked Credentials Dumps Used by Attackers?“:

Leaked credentials are a common thread for a while. Popular services like “Have I Been Pwned” help everyone know if some emails and passwords have been leaked. This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff)… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.