Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which came from third-party breaches.
The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places. Corporate employees, like most other users, often reuse their credentials in several places. But the worrisome thing is that many of them are using their work email addresses and passwords as credentials on third-party sites.