Bahrain-based cybersecurity firm CTM360’s latest software BreachDB lists all passwords that
have been leaked from hacks globally, helping put up an effective defense against hacker.
Prominent corporations and email providers have recently been in the news for the wrong reasons; hacked accounts, compromised data and financial losses have tarnished even the most stellar reputations. Despite frenzy in the cybersecurity community and mass media coverage given to all hacks, it is alarming to see that not enough focus is placed on exposed user credentials that are now available publicly.
Readily available to potential hackers, exposed credentials possibly offer a convenient starting point into hacking any organization. From the viewpoint of a hacker, part of the reconnaissance process on a target organization is to find what credentials have already been breached, what remains available to exploit and how gaps in defense can be identified to mount an attack.
In a recent study, 80% of users were found to be using corporate emails as user IDs on various social media platforms; a substantial portion of these users were also using the same password across their private and corporate accounts. If any user is breached on one account, there is a very high probability that many accounts may be breached simultaneously across multiple platforms. One of the biggest reasons for compromise of security in an organization is negligence, ignorance or falling victim to social engineering; even the best security systems fail in the face of these reasons. Subsequently, it remains imperative for organizations to control what is exposed online and how this is managed.
CTM360, a leading cybersecurity company from the Kingdom of Bahrain, has introduced a novel concept that enables companies to understand where their user credentials have been exposed. Dubbed BreachDB, this service lists all email addresses and passwords that have been leaked from hacks globally as well as similar data being shared or published in blogs or pastebin sites. BreachDB is populated using a combination of automated crawling, data sanitization and ongoing inventory of relevant email addresses in a standardized format; to date, CTM360 has collected 4.5 billion individual records coming from 100+ data dumps. This portal is available globally but access is only granted to those organizations that are thoroughly vetted, have formal verification and have access to only search or view data specifically of their own domains.Access and usage remains free of cost.
From a security standpoint, leaked corporate emails as user IDs act as a convenient starting point for attackers to breach into any organization. By allowing attackers the luxury of pinpointing vulnerabilities at their own time and leisure, individuals often suffer loss of control on their accounts or their identity, whereas for companies of any size, this spells disaster in the form of a massive breach. This is not fiction but a reality that is now being seen across the business world. Some of the most famous hacks in recent times have come from hackers capitalizing on exposed online data.
As part of its security-as-a-service offering, CTM360 offers a consolidated view for organizations to track and manage their online cyber assets, hunt and neutralize all online threats, as well as manage their security posture that is exposed online. For the sheer breadth of their offering, CTM360 was recently recipient of multiple awards, including the first-ever Bahrain Tech awards, Red Herring Asia award, Forbes Innovators award, as well as listing in the Forbes Top 100 startups from the Arab World. Access to BreachDB may be requested via CTM360’s website or via email at firstname.lastname@example.org