In mid-January media reported a record security breach that exposed 773 million email accounts and 23 million passwords on the network, with the name “Collection # 1”. Now, unfortunately, these figures have fallen short to discover a few days ago, a new leak of up to 2,200 million stolen user names and passwords , under the name of “Collection # 2 to # 5”.
In companies, many of its users (for their convenience to remember them), often reuse the same password they use for personal issues in applications and corporate portals. Given this situation, the security threat for organizations is enormous since there is a risk that a cybercriminal will obtain a password from any employee who performs this type of practice and tries to use it to access your company’s data.
How to know if your password has been stolen?
To know if your password has been filtered in Collections # 2-5, Hasso Plattner Institute analysts have created an online tool that you can access from HERE . You only have to enter your email in the text field and click on the Check email address button. Once this is done, the system will process your request and send you an email with the results of your checks.
If you want to know if your email is among those affected by the first Collection # 1 filtration, you can check it on the Have I Been Pwned website from this link .
However, they may have stolen the password of any user by phishing, that is, the typical fake email that impersonates a service known to the user, such as a bank, a social network, etc., and that is the easiest and fastest method of a hacker getting it. So, not being in those BD, it is not a guarantee at all that they have not already stolen your password.
How can you protect the identity of your users?
The solution to the headache of IT departments facing these security threats is in the cloud and is called Azure Active Directory (AAD).
AAD facilitates, through a single identity (single sign-on) and protected (through 2 steps validation and artificial intelligence), a secure access confirming that users trying to connect to corporate applications are who they say they are.
Discover HERE how to protect the identity of your users through Azure Active Directory Premium