Where is this coming from?

I have introduced the www.HaveIBeenPwned.com service to a number of people recently. They have gone on to the website. They have typed in their email addresses and in some cases they have found that they have been included in data breaches. When they’ve gone to look and see what was breached, in a number of cases they had at least their email address and password for that service were included in the data breach.

Also check out previous #WeekendWisdom 014, #WeekendWisdom 015 and #WeekendWisdom 016.

Data breaches are bad. What should they do?

So they asked me “What should I do?”. The first thing of course is always, they must change their password on that service or site or whatever it was that was breached. Then I ask “Do you use that password anywhere else?” And they say “Yeah. I use it on multiple sites” or “It’s my favourite password. I use it everywhere.”

So I said “Well you’re going to have to change that password on all of these other platforms.”

They say “That’s going to be an awful lot of effort. Why should I worry?”

Why did you call this post Credential Stuffing?

You worry because of a thing called Credential Stuffing. What happens is that the bad guys, they take these data breaches, say from LinkedIn back in 2012. They take those email addresses and passwords that they have cracked and they try to sign into Facebook, into Twitter, into Microsoft 365, into Google G Suite, into Gmail and many, many other services. The criminals will try all of these things automatically.

They are stuffing credentials into services to be able to try and break in. That is what credential stuffing is all about. That is why you should not use the same password across multiple platforms and services.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 056 Credential Stuffing appeared first on L2 Cyber Security Solutions Ltd..

We’ve heard of companies having data breaches and losing people’s data. But how could you find out if you are included in some of the data breaches? There is a free site from a gentleman called Troy hunt from Australia and the site is called www.haveibeenpwned.com. “Pwned” is hacker-speak for “Owned” or compromised so “Have I been compromised .com” really.

So have you been in a data breach?

All you have to do is:

1. Go to the site
2. Enter your email address
3. Click “Pwned?”

If it it comes up saying no pwnage found, happy days that email address is safe. It is not included in a data breach that Troy Hunt is aware of.

However if you input your email address and click “Pwned?” and it comes up “Oh no pwnage found”:

1. Scroll down the web page
2. It will show you what breaches you have been included in
3. It will also show you what details have been lost in that data breach

So you are now aware of what information is out there in the wild.

Can I receive a warning if I have been in a data breach?

If you want to be notified, if you ever do come into a data breach in the future, from this website:

1. You can click notify me
2. Then click the I’m not a robot
3. Click “please notify me of pwnage”
4. Then you will be sent a verification email
5. Once you click OK on that, then you will be registered with the site

So if that email address ever does come up in a data breach in future you will get notified.

So that’s it for this week let’s be careful out there we’ll talk to you again next week.

www.L2CyberSecurity.com

www.twitter.com/L2Cyber

The post #WeekendWisdom 014 Have you been in a data breach appeared first on L2 Cyber Security Solutions Ltd..