Tag Archives: SANS

Are Leaked Credentials Dumps Used by Attackers?, (Fri, Aug 4th)

This post was originally published on this site

Leaked credentials are a common thread for a while. Popular services like “Have I Been Pwned”[1] help everyone know if some emails and passwords have been leaked. This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).