Have any questions? +1 646.844.5712 (US)

Case Study: Preventing Data Breach Through Leaked Accounts

Preventing Data Breach Through Leaked Accounts

Pre–history

After reading a news about another major database leaks, one of our clients contacted us with the request to make a security audit of the corporate accounts. The task was to exclude the possibility of corporate accounts being leaked.

Steps taken

  • Every personal and corporate emails have been scanned through the available leaked databases using an API. The scan revealed a number of accounts that have been compromised and passwords to those accounts. Some of the personal accounts had similar passwords with corporate accounts.
  • All the compromised accounts have been locked.
  • Compromised accounts activity audit has been carried out to exclude the possibility of the third person accessing the corporate account and any harmful activity.

Problem resolution

  • All users are urged to change passwords according to the security standards.
  • All the passwords are set to 30 days expiration.
  • Second tier authentication has been implemented.
  • Some of the corporate resources were restricted to access from outside of the corporate network.
  • Leaked accounts scan has been implemented into company security protocol.