Digital Shadows launches validation for exposed credentials alerting, enabling organizations to find out instantly if breached login details are a current risk

New service leverages database of 15 billion breached credentials to remove the time spent triaging invalid or duplicate entries

London and San Francisco, July 15, 2020 – Digital Shadows, the leader in digital risk protection, has today announced new capabilities within its SearchLight™ solution to enable organizations to track whether credentials exposed in data breaches are ‘valid’ and hence a current risk. The near real-time credential alert uses the Digital Shadows database of some 15 billion breached credentials and maintains a history of whether credentials (usernames and passwords) have been seen before or previously remediated so that organizations can see instantly whether they can still be exploited by criminals to infiltrate accounts and systems.

Last week, Digital Shadows revealed that it has alerted clients to 27.3 million username and password combinations in the last 18 months. It also warned that access to organizations’ key systems trade at a significant premium. Usernames with “invoice” or “invoices” as well as “payments” and “partners” are actively sought by cyber criminals. Domain admin access is currently advertised by cyber criminals with prices ranging from $500 to $120,000.

Digital Shadows SearchLight™ has the most comprehensive collection mechanism in the market to combat this threat, continuously searching across criminal forums, paste sites, dark web pages, and code-sharing sites. This has detected more than 15 billion credentials to date, and this number continues to rise. Given credential breaches are common and password reuse is rife, often organizations lack visibility of who has been impacted – and the extent of the impact this has on the business.

The new service is designed to help organizations solve this challenge by enabling them to:

·        Triage quicker: reused credentials will not be raised as new alerts. Instead, if the same credential pair is detected on a new source, the alert is updated with the source details.

·        Automatically reject invalid credentials based on specified email and password formats

·        Deeper historical context via a timeline viewer

·        Better reporting – gain a macro-level picture of the number of employees involved in a breach.

Russell Bentley, VP Product at Digital Shadows comments: “Managing data breach volumes is time consuming given the huge amount of breached credentials out there. Organizations often struggle to determine which credentials are historic and may no longer represent a danger to them and those that are a clear and present danger. SearchLight’s new credential alert removes the time spent triaging invalid or duplicate credentials enabling organizations to stay on top of this issue in real time.”

ABOUT DIGITAL SHADOWS

Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.