It’s simple. Once they have their hands on one set of credentials, (i.e. a username, usually an email address and a password) to one website, chances are they have credentials to many other websites, applications, and possibly your network. This is because people tend to use the same password in more than one place.
Once they’ve got a set of “creds”, they can pump those creds through a piece of software and automatically check many thousands of websites, and the software lets them know on which ones they get a “hit.” Combine this with the fact that the average user at work uses 27 different websites and applications, and you’ve got some exposure.
Click above to watch a less than two-minute video explaining NINJIO CREDS.
NINJIO CREDS powered by InfoArmor has been credited as having the largest database of compromised credentials on the web. This is because InfoArmor has operatives that work across the globe collecting these credentials from their underground relationships.
When an operative obtains a set of compromised credentials, they are uploaded into the InfoArmor Database. If any compromised credentials have @yourcompany.com in the domain, your admin will be notified via email within 6 hours of those credentials being uploaded.
Once the admin is notified, he or she will login to the database and see who has been breached. Depending on your own internal policies and procedures, and if the breach contains the source, the admin will notify those users to change their password on any site, application, or network resource where they have used that password before.
Congratulations! You have once again cultivated security into your culture. In other words, you’ve raised the security bar — again.