  • The Achilles' Heel of Online Security: Why Passwords Leave Companies Vulnerable

    In our digital-first world, passwords, combined with an email address or User ID, are the primary gatekeepers to vast amounts of sensitive data. However, for nearly every online company, this reliance on passwords as a verification and identity method presents a critical weakness. This leaves them vulnerable to a relentless barrage of criminal activities, including credential stuffing, account takeover, and ransomware attacks. The inherent flaws in how passwords are created, managed, and exposed have transformed them into the Achilles' heel of cybersecurity.

    Pervasive Problems: Weak, Reused, and Leaked Passwords

    Recent studies paint a bleak picture of password hygiene. A Cybernews study on billions of leaked passwords revealed that a staggering 94% are either reused or duplicated across multiple services. Many users opt for "lazy" patterns like "123456" or simple combinations of lowercase letters and digits, making them trivial targets for brute-force and dictionary attacks. Despite decades of cybersecurity education, there has been little to no progress in user behavior, underscoring the urgent need for more robust authentication methods.

    Compounding the issue, massive databases of compromised credentials are routinely exposed. For example, two recent incidents of massive data leaks:

      • A recent Wired article revealed a mysterious, unsecured database containing 184 million login credentials, including those for major platforms like Google, Apple, Facebook, Microsoft, banks, and even government services. This trove, possibly collected via infostealer malware, offers cybercriminals direct access into accounts, serving as a dream working list for credential stuffing, phishing, and targeted attacks.
      • Cybernews reported a data leak of nearly 16 billion passwords and other credentials from over 30 databases. The article states in part, “This is not just a leak – it’s a blueprint for mass exploitation.”

    Even if a company's systems remain unbreached, employees reusing passwords across personal and professional accounts can inadvertently create a critical threat vector, opening the gates for criminals to exploit vulnerabilities and introduce security problems like ransomware.

    Employees: The Unintentional Weak Link

    The human element remains a significant vulnerability. Employees unknowingly become the weakest link by reusing emails, passwords, and company credentials across various online services. This practice creates a pathway for criminals to infiltrate corporate networks if even one of those external accounts is compromised, leading to devastating consequences such as ransomware attacks that cripple operations.

    Building a Protective Barrier: myNetWatchman's 1-2-3 Security Screening Solutions

    To counteract these pervasive threats, companies must adopt a multi-layered security approach that proactively addresses credential vulnerabilities. myNetWatchman offers a comprehensive 1-2-3 security screening suite designed to create a protective barrier for companies, their customers, and their employees:

      • Securing Company Active Directories with AD Audit: The myNetWatchman AD Credential Audit scans internal Active Directory accounts for compromised passwords and credential pairs. Leveraging a repository of over 35 billion compromised credentials, this tool identifies vulnerable accounts within your organization. By detecting and re-securing these exposed credentials, companies can significantly reduce the chances of infiltration by criminals looking to exploit weaknesses through ransomware and other attacks. This proactive auditing helps prevent breaches and strengthens your core network defenses.
      • Screening Customer Credentials with AllCreds: myNetWatchman AllCreds Compromised Credential Screening proactively screens credentials at login, signup, or password reset against a live data surveillance system containing billions of exposed credential pairs. When a user attempts to authenticate, AllCreds checks if the entered username and password have been compromised. If detected, the system flags them, allowing companies to force password changes or implement step-up authentication. This significantly mitigates the risk of credential stuffing and account takeover attacks, directly reducing financial losses and protecting customer accounts.
      • Screening Email Addresses with Email Reputation: Recognizing that email, never intended as a robust security channel, is frequently targeted by criminals, myNetWatchman Email Reputation provides critical screening for email addresses. This service checks email validity, synthetic nature, and whether it has been actively used by criminals to gain access to accounts. By making a simple API call, companies can determine if an email address is compromised, when it was accessed, and for what purpose. This enables organizations to head off criminal activity like fraud and account takeover, especially in scenarios involving password resets, sign-in links, or new account sign-ups, by enabling crucial decision points for step-up authentication or flagging high-risk transactions.

    By implementing this strategic 1-2-3 security screening, companies can move beyond the inherent weaknesses of passwords, establishing a robust protective barrier that safeguards their operations, customers, and employees from the ever-present threat of cybercrime. The future of online security lies in proactive, intelligent credential management that assumes compromise and builds defenses accordingly.

  • The Hidden Vulnerability: How Compromised Credentials Fuel Ransomware and Beyond

    In today's interconnected digital landscape, the security of a company's sensitive data is only as strong as its weakest link. While organizations invest heavily in perimeter defenses, a critical vulnerability often lurks within: the exposed email addresses, passwords, and user IDs of employees and third-party vendors. These seemingly small exposures can provide an open door for cybercriminals to unleash devastating ransomware attacks, data breaches, and other malicious activities.

    Recent incidents at major retailers like Victoria's Secret and Adidas serve as stark reminders of the far-reaching consequences of security lapses. Victoria’s Secret’s internal corporate systems and customer website were shut down for several days, and Adidas’ customer data was stolen from a third-party vendor. Overlooking the security posture of internal personnel and external partners is a significant threat that many companies fail to adequately address.

    The Ripple Effect of Compromised Credentials

    Threat actors actively harvest employee credentials from various sources, including previous data breaches, phishing campaigns, and malware infections. myNetWatchman sees millions of attempts every year by bad actors targeting company systems. Once obtained, these credentials become a golden key, allowing attackers to:

      • Gain Initial Access: Compromised credentials provide a legitimate entry point into a company's network, bypassing traditional firewalls and intrusion detection systems. This enables attackers to operate undetected for extended periods.
      • Escalate Privileges: If the compromised account belongs to a privileged user (e.g., an administrator), attackers can rapidly escalate their access, moving deeper into the network and gaining control over critical systems.
      • Lateral Movement: With valid credentials, attackers can move horizontally across a network, accessing various systems and applications without triggering immediate alarms. This allows them to map out the network, identify valuable data, and prepare for their primary objective.
      • Deploy Ransomware: This is often the ultimate goal. Once inside, attackers can deploy ransomware, encrypting critical files and demanding a ransom for their release. The impact can halt operations, cripple productivity, and lead to significant financial losses.
      • Data Exfiltration: Beyond ransomware, compromised credentials can also lead to the theft of sensitive customer, employee, or proprietary business data, resulting in regulatory fines, reputational damage, and loss of competitive advantage.
      • Business Email Compromise (BEC) and Funds Transfer Fraud (FTF): Compromised email accounts, especially those of executives or financial personnel, can be leveraged for sophisticated BEC scams, tricking employees into making fraudulent wire transfers.

    The Adidas breach, which originated from a compromise at a third-party customer service provider, highlights the insidious nature of vendor-related risks. Even if a company has robust internal security, its interconnectedness with third parties means that a vulnerability in a vendor's systems can directly impact the company's data and operations. The Victoria's Secret incident led to the company taking down its website and some in-store services. The "security incident" also reportedly locked employees out of email accounts, directly impacting internal operations and implying compromised employee access. These incidents are clear and forceful reminders that the human element and the supply chain are critical attack surfaces that demand constant vigilance.

    Proactive Defense: Auditing Credentials for Stronger Security

    The good news is that these risks can be significantly mitigated through proactive security measures, particularly a robust auditing strategy for internal employee and third-party vendor credentials. Key aspects of such an audit include:

      • Continuous Monitoring of Compromised Credentials: Regularly scanning for employee and vendor credentials that have appeared in public data breaches or on the dark web.
      • Strong Password Policies and Enforcement: Implementing and enforcing policies that require complex, unique passwords for all accounts, especially those with elevated privileges.
      • Multi-Factor Authentication (MFA): Mandating MFA for all access points, significantly increasing the difficulty for attackers even if they obtain a password.
      • Least Privilege Principle: Ensuring that employees and vendors only have the minimum necessary access rights required to perform their duties. Regular reviews of access permissions are crucial.
      • Regular User Access Reviews: Periodically reviewing and revoking access for inactive accounts or those where privileges are no longer needed.
      • Third-Party Risk Management: Establishing comprehensive vetting processes for all third-party vendors, including assessing their cybersecurity posture, contractual obligations for data security, and ongoing monitoring.
      • Security Awareness Training: Educating employees and vendors about phishing, social engineering tactics, and the importance of strong password hygiene.

    Securing Your Digital Gates with myNetWatchman's AD Audit

    Understanding the critical role of credential security in preventing ransomware and other attacks, myNetWatchman offers a specialized AD Credential Audit service. This service is designed to help organizations identify and address weaknesses in their Active Directory environment, which is often the central hub for managing user identities and access. myNetWatchman's AD Audit service provides:

      • Comprehensive Scanning: Proactively scans your Active Directory for compromised employee credentials, including emails, passwords, and user IDs that may have been exposed in breaches or are circulating on the dark web.
      • NIST Compliance Checks: Helps ensure your organization's password policies and practices align with the latest NIST (National Institute of Standards and Technology) guidelines for robust cybersecurity.
      • Elevated Privilege Account Monitoring: Identifies accounts with elevated privileges that may be vulnerable to compromise, allowing for targeted remediation efforts.
      • Policy Compliance Verification: Confirms adherence to company security policies regarding credential management, without requiring you to share any Personally Identifiable Information (PII) with myNetWatchman.
      • Real-time Threat Intelligence: Leverages a vast and continuously updated database of compromised credentials to provide real-time insights into potential threats targeting your organization.

    By leveraging services like myNetWatchman's AD Audit, businesses can proactively identify and remediate credential-related vulnerabilities, significantly reducing their attack surface and bolstering their defenses against the ever-present threat of ransomware and other devastating cyberattacks. In an era where every credential is a potential entry point, diligent auditing is not just a best practice – it's a necessity for survival.

  • Email: More Dangerous than Ever

    Most businesses and people assume email is secure. It is not. Every year millions of compromised email accounts are used by fraudsters. Email compromise is an enormous problem that leads to a variety of fraud losses. Among many other things, consumers could have web accounts taken over, or lose travel or loyalty rewards, while businesses can have data stolen or fall prey to ransomware. The following report highlights that the tremendous success fraudsters are having at monetizing compromised emails is a growing concern in cyber insurance claims.

    2025 Cyber Claims Report

    The 2025 Cyber Claims Report from Coalition sheds light on the evolving landscape of cyber threats, highlighting that business email compromise (BEC) and funds transfer fraud (FTF) have become the most frequent sources of cyber insurance claims. This shift underscores a critical vulnerability that businesses face, primarily through the exploitation of email as a key identifier and communication channel.

    According to the Coalition report, a majority of 2024 cyber insurance claims (60%) originated from BEC and FTF incidents. Significantly, 29% of BEC events were found to result in FTF, demonstrating a direct pipeline from email compromise to financial theft. While ransomware claims stabilized and even saw a 3% decrease in frequency and a 7% decrease in severity year-over-year, and average ransom demands dropped by 22% to $1.1 million, BEC claims severity actually increased by 23%. This indicates that BEC, while perhaps less sensational than ransomware, is a highly effective and increasingly impactful method for cybercriminals to target businesses. Even though FTF claims frequency decreased by 2% and severity by 46% year-over-year after an all-time high in 2023, the sheer volume of claims originating from BEC and FTF makes them a primary concern.

    While the Coalition report primarily focuses on BEC and FTF from a business insurance claims perspective, it's crucial to understand that consumers are not immune to email compromise, which can then fuel these same types of fraud. Email is widely used as a key unique identifier for customers and is often assumed to be secure, but it is explicitly NOT a secure verification or communication channel. Fraudsters actively target and compromise millions of personal email accounts, gaining access to sensitive information or the ability to impersonate individuals. When a consumer's email is compromised (CEC), it opens up avenues for criminals to initiate account takeover (ATO) fraud, as seen with the top U.S. brokerage that identified over $700,000 in ATO fraud attempts via a malicious actor's access to customer's email. This demonstrates how compromised consumer emails can directly lead to financial theft, exponentially increasing the pool of vulnerable targets and the complexity of the fraud landscape for both individuals and businesses.

    See The Threat Before it becomes a Problem

    Addressing this pervasive threat, myNetWatchman offers solutions designed to secure email channels, which are frequently exploited in BEC and FTF scenarios. Our Email Reputation solution provides an easy-to-use API that reveals the likelihood of an email address being "created-for-fraud" or if criminals have access to the email box, specifying when the access occurred and what they were seeking. Companies can leverage myNetWatchman's Email Reputation at various critical points to prevent fraud:

      • At Account Creation: To verify if an email is legitimate, synthetic, or already compromised.
      • At Login with email 2FA or password changes: To confirm an email's integrity before allowing sensitive actions like password resets or new account sign-ups, protecting trusted accounts from malicious actors.
      • When a Sensitive Transaction is Initiated: To confirm end-user authentication on large transactions and validate high-risk accounts, which is vital during breach investigations.

    myNetWatchman's effectiveness is underpinned by its vast proprietary data repository, which contains over 35 billion compromised credential pairs, including emails and passwords. We continuously update this database by monitoring live, bad actor traffic, adding 15 million new credentials and 150 thousand compromised email addresses daily that criminals are actively using. This allows mNW to proactively identify compromised accounts and prevent them from being used in fraudulent activities. By identifying and flagging compromised emails before they can be used to initiate CEC, BEC or FTF, myNetWatchman directly tackles the very vulnerabilities highlighted by the Coalition report, offering a vital preventative layer against these prevalent and costly cyber threats.

    For more information on myNetWatchman’s Email Reputation service, click here.

  • From Boasting to Breach: The Escalating Risk of Your Online Life

    Imagine Johnny, an AI expert, famous for his globetrotting talks, boasting about racking up over a million Delta miles. Unbeknownst to him, in his audience sits Billy, a tech guru with a less-than-ethical focus – stealing travel loyalty points to sell discounted travel. Billy spots Johnny as a potentially "ripe target" for acquiring real points.

    Billy's initial challenge is accessing Johnny's Delta account without knowing his email or password. At this stage, the odds of success are astronomically low, estimated at 1 in 100 billion. Billy, however, collects vast amounts of breach data, compiling a list of over a billion known breached credentials. He could try automating password guesses using this list, but Delta's systems would likely stop him before he got anywhere.

    The first critical turn occurs when Billy simply approaches Johnny, expressing interest in a consulting gig and asking for his email. Johnny, unsuspecting, provides it. Now, with Johnny's email address, Billy's odds of taking over the account, even by trying random passwords, improve significantly to 1 in 100 million.

    But Johnny is still relatively safe, right? "Not even close". Billy immediately checks Johnny's email on services like haveibeenpwned and finds it has been in breaches, which is common for addresses used over time. Knowing the email is in a breach instantly improves the odds to 1 in 10 million because a staggering 70% of people reuse passwords.

    To zero in, Billy uses tools like MalwareBytes to list the specific breaches Johnny's email was involved in. He then ventures onto the dark web, trading data and scouring bulletin boards to acquire the datasets from those identified breaches. Within a day, Billy compiles a list of username and password combinations linked to Johnny's email from these dark web sources. Using this tailored list to try logging into Delta, the odds of compromise shoot up dramatically to 1 in 100.

    The story reaches its inevitable conclusion when Billy discovers that one of the breach datasets was from American Airlines, dating back three years. Crucially, Johnny used the same password for all his airline accounts and never changed it. With Johnny's username (his email) and a known, reused password from a breach, the odds of Billy compromising the account become 100%. Billy successfully takes over Johnny's Delta account.

    This tale perfectly illustrates a critical theme: compromises have different types, and the risk associated with each type varies significantly. As Johnny's story shows, the likelihood and severity of compromise escalate dramatically based on the information a bad actor possesses.

      • Being compromised randomly by bad actor activity is low risk.
      • Being in an old data breach (over 2 years) carries more risk.
      • Being in a recent data breach is riskier still.
      • Being targeted by a bad actor who knows your email increases risk.
      • Even higher risk is when a bad actor knows your email and has found your password in a known compromise list, especially if you reuse passwords.
      • Knowing your specific email and password combination represents a very high risk.
      • The highest risk described is when a bad actor knows your username, password, and has compromised your email.

    For businesses, understanding these different types and their inherent risks is paramount. Crucially, all screening methods for credentials are not equal, and security actions must match the type and risk level. Applying overly strict security measures designed for high-risk situations (like Billy knowing Johnny's reused password) to a low-risk situation (like someone being in an old breach) creates false positives and unnecessary friction for legitimate users. By tailoring authentication requirements to the risk level, businesses can ensure low-risk users have a smooth experience while applying strong security measures only when truly needed. This balanced approach improves user satisfaction and effectively safeguards sensitive information, preventing your customers from becoming the next Johnny.

  • myNetWatchman Welcomes Madhura Belani as Chief Product Officer

    Belani to Drive Innovation in ATO Prevention and Enhanced Cybersecurity

    myNetWatchman, a leader in real-time compromised credential monitoring and account takeover (ATO) prevention, is delighted to announce the appointment of Madhura Belani as Chief Product Officer. This strategic addition to the leadership team underscores myNetWatchman’s unwavering commitment to advancing cybersecurity solutions for digital businesses.

    Madhura is a seasoned executive with extensive leadership experience in payments, fraud prevention, and identity management. She has a proven track record of launching and scaling category-defining products, implementing successful go-to-market strategies, and forging strategic partnerships to drive sustainable growth. Her career journey includes distinguished leadership roles at global giants such as PayPal and Visa, as well as dynamic startups like Speedpay, Offerpal, and Danal, providing her with the unique ability to thrive in organizations at various stages of product maturity.

    During her tenure at Visa, Madhura led the development of Buy Now, Pay Later (BNPL) APIs, successfully launching a partner program across six countries and onboarding industry leaders. As the founding Chief Product Officer at Danal, she spearheaded the creation and scaling of a mobile identity product, a key achievement that paved the way for its acquisition by Boku. Prior to these roles, Belani held Product Management positions at Tapjoy and PayPal, further honing her expertise in product innovation.

    “I’m thrilled to join myNetWatchman and contribute to its mission of enhancing cybersecurity and detecting and disrupting fraud,” Madhura said.

    With Madhura's leadership, myNetWatchman aims to further strengthen its position as a trusted partner for industries facing high ATO risks, such as travel, e-commerce, and financial services, empowering clients to stay ahead of bad actors through real-time intelligence.

    “The experience Madhura adds to our team will help us move faster and scale our efforts to protect businesses and their customers from ATO and other fraudulent events,” said David Montague, CEO of myNetWatchman. “I’m really excited to have her as part of our executive staff and leading myNetWatchman’s product development.”

    Madhura holds an MBA from Duke University’s Fuqua School of Business and a Bachelor of Engineering in Electronics and Telecommunications from the College of Engineering Pune (COEP), Pune University, India.

    About myNetWatchman

    myNetWatchman provides real-time intelligence to help organizations detect cybersecurity threats, specializing in real-time monitoring of compromised credentials and bad actor behavior to prevent ATO and other fraudulent activities.

  • From Inbox to Outbreak: The BEC and FTF Epidemic

    According to cyber-insurance claims data from Coalition’s 2025 Cyber Claims Report, Business Email Compromise (BEC) attacks and Fund Transfer Fraud (FTF) accounted for a staggering 60% of all claims in 2024. These email-based attacks have been the bulk of claims for organizations over the past three years. The financial impact is significant: BEC incidents cost organizations, on average, $35,000. Furthermore, 29% of BEC attacks also led to FTF incidents, with an even higher average loss of $106,000. FTF events frequently occur through social engineering or directly result from a BEC event, where attackers impersonate trusted parties to trick employees into making unauthorized wire transfers.

    Email is the lifeblood of modern business communication, but it can also be a significant vulnerability. BEC and FTF continue to pose major threats, costing businesses vast sums every year. While large-scale breaches often grab headlines, sometimes vigilance in a single transaction can prevent considerable loss.

    Consider the story of a friend, a banker at a large regional bank. A customer, a landscaper, came in to finalize the purchase of a much-needed large truck for their growing business. The final step was a $50,000 wire transfer to the truck dealership. Wire transfers are a common, fast, and generally reliable method for moving large sums, often used for major purchases like vehicles.

    As part of the standard procedure for wire transfers, the banker asked the customer how they received the dealership's bank details. The customer showed an email from their contact at the dealership. This raised a slight concern for the banker, leading to the crucial next question: "did you call the dealership to confirm the banking details?"

    Fortunately, the customer was happy to make the call right then, putting the phone on speaker. When they spoke to the truck dealer, the landscaper mentioned the $50,000 transfer and double-checking the bank account information from the email. The dealer's response was immediate and distressed: "No, no. Oh, no. That’s not our information at all. I never sent you that email."

    It became clear that a bad actor had compromised the dealership's email account. They sent a legitimate-looking email with fake bank details, hoping the landscaper would unknowingly wire the $50,000 to the fraudster instead of the dealer. Thanks to the banker's diligence, both the landscaper and the dealer were saved from losing $50,000. The grateful landscaper exclaimed, "you just saved me $50,000, AND a claim on my cyberfraud insurance."

    While the frequency of FTF claims dropped slightly, the severity of BEC claims saw a significant 23% increase, particularly in the latter half of 2024. This spike in BEC severity was partly due to increased costs associated with legal expenses, incident response, data mining, and other mitigation and recovery efforts.

    This near-miss, thankfully averted by a vigilant banker, serves as a reminder that while email remains essential, it's also a prime target for malicious actors. The rising tide and severity of BEC and FTF attacks, accounting for a staggering 60% of cyber insurance claims, underscore the need for proactive defense.

    So, what can organizations do to shield themselves from these costly threats? First, implement routine credential screening to ensure your employees and consumers aren't compromised. Furthermore, before processing significant financial transactions or allowing critical account changes, verify the legitimacy of the involved email accounts. While robust security measures like employee training and multi-factor authentication form a strong foundation, layering in checks specifically around large transactions and email compromise can provide an extra line of defense, potentially saving your organization from substantial financial losses and the headache of a cyber insurance claim.

    Read more about our solutions for Email Reputation, ATO Threat Monitoring, and AD Credential Audit.

  • Verizon Report: Proactive Credential Screening - Your First Line of Cyber Defense

    The cybersecurity landscape is facing unprecedented challenges, marked by an alarming surge in sophisticated attacks. Businesses are falling behind on the robust, proactive defense strategies and real-time intelligence needed to combat these evolving threats, creating a perfect storm for criminals. As highlighted in the most recent Verizon report, a critical element in this increasingly challenging environment is the pervasive threat of compromised credentials.

    Verizon's 2025 Data Breach Investigations Report (DBIR)

    Credential abuse (22%) and exploitation of vulnerabilities (20%) continue to be the leading initial attack vectors. The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches, underscoring the critical need for enhanced security measures focused on these areas. The human element remains a significant factor, with a substantial overlap noted between social engineering and credential abuse. Furthermore, the DBIR highlights concerning trends such as the doubling of third-party involvement (a vendor, supplier, etc.) in breaches to 30%, emphasizing the risks associated with supply chains and partner ecosystems, and a 34% surge in the exploitation of vulnerabilities. Compromised credentials and exploited vulnerabilities serve as primary pathways for various malicious activities, including Account Takeover (ATO), ransomware, and other forms of online fraud.

    Account Takeover (ATO) as a Major Threat

    Account Takeover is repeatedly emphasized as a significant risk. Criminals leverage stolen email addresses, user IDs, and passwords to take control of legitimate user accounts, leading to fraud events.

    Ransomware and Other Fraud Losses

    Ransomware attacks have seen a significant rise of 37% since last year and are now present in 44% of breaches. For small and medium-sized businesses (SMBs) that may lack proper IT and cybersecurity maturity, the impact is disproportionate, with ransomware appearing in 88% of their breaches. Compromised credentials often provide attackers with the initial access needed to deploy ransomware. Beyond ransomware and ATO, the use of stolen credentials facilitates various other online fraud activities.

    What Can Be Done? - The Power of Proactive Credential Screening

    myNetWatchman (mNW) has a long history of tackling the risk of compromised credentials. Our proactive credential screening process involves evaluating credentials for potential compromise at various points, including login, signup, and account reset.

    Proactive screening consists of two key elements. First, by continuously collecting data on compromised credentials from sources like the darknet, phishing attacks, and malware-infected devices, we capture fraudsters' live use. This "inline real-time credential screening," or proactive screening, integrates directly into customer credential processes—signup, account reset, or login—to proactively prevent the use of credentials already known to be in criminal possession. Second, a vast dataset is crucial for proactive credential screening. This dataset should extend beyond basic breach information and password lists to include userID/password and email/password combinations. Such comprehensive data provides deeper insights into potential account-related risks.

    Such proactive screening and monitoring services offer a comprehensive approach to combating threats:

      • Stopping Account Takeover: By identifying and preventing the use of compromised credentials at login or signup, ATO attempts can be significantly reduced. Solutions can also monitor company domains and users to alert organizations to attack activity and compromised accounts.
      • Preventing Credential Stuffing: Proactive screening helps identify users attempting to log in using credential pairs known to be compromised, preventing credential stuffing attacks. Compromised Credential Pentests can also assess a site's vulnerability to credential stuffing.
      • Detecting Compromised Users and Employees: Solutions can detect if customers' email accounts, used for actions like account creation or reset, have been compromised. Scanning employee credentials for compromised passwords helps ensure compliance and identifies employees using credentials known to be compromised, uncovering threats in Active Directory.
      • Mitigating Ransomware and Fraud: By preventing initial access often gained via compromised credentials, proactive screening can help reduce the risk of ransomware and other online fraud.
      • Breach Response: When a breach is suspected, these services can help determine its extent and identify which credentials were used or previously exposed.

    Part of a Multi-Layered Defense

    Experts emphasize the need for a multi-layered defense strategy, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training. Proactive credential screening is a crucial component of this strategy, complementing other security measures by directly addressing one of the leading initial attack vectors.

    The findings from sources like the Verizon DBIR underscore that compromised credentials are a persistent and growing threat enabling ATO, ransomware, and widespread online fraud. myNetWatchman’s proactive approach to credential screening, leveraging real-time intelligence and comprehensive data, is no longer optional but a necessary investment for businesses seeking to safeguard their assets, protect customers, and ensure resilience in today's challenging digital world.
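
    The screening step described above, sketched as an added example; it is not myNetWatchman's code or API. The key, the verdict and action names, and the sample pairs are assumptions constructed for illustration. It checks an identifier/password pair at login, signup, or reset against a keyed-digest index of known-compromised pairs, and separates "this exact pair is in criminal hands" from "this password has been exposed for some other account."

```python
import hashlib
import hmac

INDEX_KEY = b"constructed-demo-key"  # assumption: real key lives in a secrets store
EVENTS = ("login", "signup", "reset")

def _digest(label: bytes, *fields: str) -> str:
    """Keyed digest, so the index never holds plaintext credentials."""
    mac = hmac.new(INDEX_KEY, label, hashlib.sha256)
    for field in fields:
        data = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()

def normalize_id(identifier: str) -> str:
    """Email addresses and user IDs are matched case-insensitively here."""
    return identifier.strip().lower()

class CompromisedIndex:
    """Set of known-compromised pairs plus the passwords seen in them."""
    def __init__(self, pairs):
        self.pairs, self.passwords = set(), set()
        for identifier, password in pairs:
            self.pairs.add(_digest(b"pair", normalize_id(identifier), password))
            self.passwords.add(_digest(b"pw", password))

    def verdict(self, identifier: str, password: str) -> str:
        if _digest(b"pair", normalize_id(identifier), password) in self.pairs:
            return "pair_compromised"
        if _digest(b"pw", password) in self.passwords:
            return "password_exposed"
        return "clean"

def screen(index, event, identifier, password, password_valid=True):
    """Return (verdict, action) for one credential event."""
    if event not in EVENTS:
        raise ValueError(f"unknown event: {event}")
    verdict = index.verdict(identifier, password)
    if event == "login" and not password_valid:
        # Wrong password here, but a known-stolen pair: credential stuffing signal.
        action = "deny_and_log_stuffing" if verdict == "pair_compromised" else "deny"
    elif verdict == "clean":
        action = "allow"
    elif event == "login":
        # Correct password that criminals already hold: the account is at risk.
        action = "step_up_and_force_reset" if verdict == "pair_compromised" else "allow_and_flag"
    else:
        # Signup or reset: never let a known-exposed password be set.
        action = "reject_password"
    return verdict, action

# Constructed sample data, not real leaked credentials.
DEMO_INDEX = CompromisedIndex([
    ("alice@example.com", "Summer2023!"),
    ("bob@example.org", "hunter2"),
])

if __name__ == "__main__":
    print(screen(DEMO_INDEX, "login", " Alice@Example.com ", "Summer2023!"))
    print(screen(DEMO_INDEX, "login", "bob@example.org", "hunter2", password_valid=False))
    print(screen(DEMO_INDEX, "signup", "carol@example.net", "hunter2"))
```

    The `password_valid` flag is what lets one check serve both goals in the list above: a valid login with a compromised pair is an account at risk, while an invalid login with a compromised pair is stuffing traffic worth logging.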

  • Exclusive Webinar - From Target to Fortress: Safeguarding the Travel Industry Against Account Takeover

    Urgent Announcement: Save the Date! April 22, @ 1:00 PM Eastern, 10:00 AM Pacific

    Don't Miss This Critical Discussion: Why are 87% of travel companies still losing sleep over Account Takeover (ATO)? Because it’s a relentless, evolving threat – and if you’re in the travel industry, you’re a prime target. Join industry leaders for an urgent panel discussion on the alarming rise of account takeovers in the travel sector.

    Our expert panel includes:

      • Amitabh Ghosh – Vice President Technology, Travel Platform, eCommerce, Fraud & Risk, Expedia
      • Christopher Staab – Loyalty, Frequent Flyer, Payment & Fraud Expert, Co-Founder the Loyalty Security Alliance
      • David Montague, CEO of myNetWatchman

    Key Takeaways:

      • Learn about the latest ATO trends and the disproportionate impact on travel companies
      • Discover the tools and strategies that can fortify your defenses against ATO
      • Hear actionable insights from experts at the forefront of travel security

  • Anyone Can Get Phished

    You might remember one of our recent articles, "The Three Factors of Authentication: A Fraudster's Playground." We talked about how even the most common ways we protect our online lives – what we know (passwords), what we have (phones, OTPs), and what we are (biometrics) – are constantly under attack. Recent news has brought this topic even closer to home, and it involves someone we in the security community deeply respect: Troy Hunt.

    Troy, a renowned security expert and the creator of Have I Been Pwned (HIBP), recently shared that he fell victim to a sneaky phishing attack that targeted his Mailchimp account.

    Everything about this email looks legitimate, except that it was a phishing attack, and any information provided once the link is clicked is compromised.

    For those unfamiliar, phishing is a deceptive tactic where fraudsters try to trick you into giving up sensitive information, like passwords or credit card details, often by pretending to be a legitimate organization in an email or message. In Troy's case, he received an email that looked like it was from Mailchimp, claiming there was a spam complaint and that he needed to log in to resolve it. Being tired and a bit jet-lagged, he clicked the link and entered his credentials, only to realize moments later it was a fake site. The attackers immediately used this access to export his blog's mailing list, containing around 16,000 records.

    These attacks are becoming increasingly sophisticated, using social engineering to play on our emotions like fear or urgency. As Troy himself admitted, even someone as security-savvy as him can have a moment of weakness, especially when tired or distracted. That’s why in our previous article, we emphasized the constant evolution of these threats and the need for vigilance.

    What truly stood out in this situation was Troy's immediate and open disclosure of the incident. He published a detailed blog post just 34 minutes after realizing what had happened, explaining exactly how he was tricked. We commend Troy for his transparency. It's this kind of openness that helps us all learn and become more aware of the threats we face online. By sharing his experience, Troy has provided a powerful real-world example of how even the most vigilant among us can be targeted.

    Let's all take this as a reminder to stay alert, especially when we're feeling tired or rushed. Always double-check links, and if something feels off, it probably is. Troy’s experience, while unfortunate, serves as a valuable lesson for us all in the ongoing battle against online fraud.

    About myNetWatchman

    Georgia-based myNetWatchman has been providing cyber fraud intelligence data for more than 20 years to retailers, financial services, insurance, and other industries. With over 10 years of live data surveillance, the company manages a continuously growing data repository containing over 35 billion exposed credential pairs and protects over 800 million users for their clients.

  • The Three Factors of Authentication: A Fraudster's Playground

    Online accounts are protected by the three factors of authentication: something you know (like a password), something you have (like a phone), and something you are (like a fingerprint). These factors are designed to keep our accounts secure, but fraudsters constantly find new ways to compromise them.

    Something You Know: The Data Breach Bonanza

    Fraudsters scoop up usernames and passwords from compromised companies, and they have been doing that since digital passwords were invented. Fraudsters develop phishing scams to fool users into handing over credentials, thinking they are interacting with legitimate businesses. And let’s not forget malware. It is estimated that more than 1 billion malware programs are currently in existence (with more created every day), automatically mining and sending information without the user knowing. It's like a digital spy in a computer, stealing information right from under a user's nose.

    "2022 saw a record 24 billion passwords exposed." - New York State Attorney General

    Something You Have: The Social Engineering Shuffle

    "Something you have" isn't safe either. Fraudsters use social engineering to convince users (or their cell carrier) to give them access to a phone or SIM card. They might pretend to be from a user's bank or phone company, and before the scam is discovered, they've got control of the accounts. It's like a magic trick, but instead of pulling a rabbit out of a hat, they're pulling money out of the user's bank accounts.

    Don't click that link!

    Something You Are: The Metadata Mimic

    Even "something you are" can be compromised. Fraudsters can't change a fingerprint or a face, but they can mimic metadata. They log into accounts with stolen credentials and make their activity look just like the account owner's. They use the same IP address, the same browser, even the HTTP referrer. It's like they're wearing a digital mask, and it's good enough to fool even the most sophisticated security systems.

      • September 2013 - Apple introduces the iPhone 5S with TouchID
      • September 2013 - Chaos Computer Club bypasses Apple’s TouchID
      • November 2017 - Apple introduces FaceID on the iPhone X
      • November 2017 - Vietnamese firm Bkav bypasses Apple’s FaceID

    Even one of the largest, most tech-savvy companies in the world isn’t immune to hackers getting past their security measures.

    The Bottom Line

    The three factors of authentication are supposed to be our digital fortress, but fraudsters are constantly finding new ways to breach the walls. They're clever, they're persistent, and they're agile, always working to stay one step ahead. So, what can be done?

      • Be risk-aware about where you are inputting passwords
      • Don’t reuse passwords
      • Use strong, unique passwords
      • Regularly scan for viruses
      • Update computer software and operating system
      • Be vigilant of phishing scams
      • Use multi-factor authentication where it makes sense
      • Carefully evaluate links before clicking
      • Don’t assume urgent texts/emails are from legitimate sources

    Remember, the three factors of authentication are only as strong as the weakest link. By staying informed and taking precautions, we can make it harder for fraudsters to compromise our accounts and keep our digital lives safe.

    Author

    For more than 20 years, Georgia-based myNetWatchman has been examining attack traffic and monitoring criminal activity as it happens, even years before a company realizes a data breach has occurred. This method of “watching” the bad guys means myNetWatchman gives customers access to the earliest detection and highest remediation of compromised logins and account credentials on the market. Earliest detection on the darknet of the testing, use, or sale of compromised credentials is the most foolproof way to protect against account takeover, Active Directory exploits, ransomware attacks, industrial espionage, and more.

  • Please Don't Block My Grandma Because My Fridge is Hacked! (Or, Why IP Blocking is Dumb)

    Okay folks, gather 'round, let grandpappy regale you with a tale from the olden days... the retail days. Back then, we had these magical boxes called "cash registers" – no, not iPads, young'un, these were machines – and they had a wondrous key called "no sale." This little gem let you open the cash drawer without actually, you know, selling anything. Now, my wise old mentor (he had a killer mustache, that guy) told me to never disable that key. Why? Because it's way easier to review footage of every time the drawer pops open than to squint at the end of every transaction, wondering if Brenda left it hanging.

    Some folks are obsessed with blocking IP addresses like they're swatting flies in Savannah in the summertime.

    Fast forward to my current gig battling fraudsters in the digital Wild West, and guess what? The same logic applies! But here's the thing: IP addresses are like pigeons – they move around. Think of it this way:

      • Your smart fridge might be a Russian spy. That's right, little Timmy's WiFi-enabled icebox could be the reason poor Mrs. Miggins in Florida can't buy her catnip online. See, Timmy's fridge got hacked, used to launch a cyberattack, and bam – the IP address is flagged. Now Mrs. Miggins is collateral damage.
      • Your computer might be possessed. Even if you're squeaky clean, your machine could be harboring some nasty malware, spewing out login attempts like a Pez dispenser. Suddenly, you're the one locked out, scratching your head and wondering if you accidentally subscribed to "Hacker Monthly."
      • Blocking is like a neon sign for bad guys. "Hey, you've reached the limit!" it screams. "Better try a different tactic!" Congratulations, you just helped the cyber-crooks refine their approach.

    So, what's the solution? Embrace the "no sale" philosophy! Let those baddies think they're getting away with it. Use that visibility to gather intel:

      • Weird browser language? Red flag!
      • Funky user agent string? Houston, we have a problem!
      • Suspicious HTTP referrer? Time to investigate!

    Instead of playing whack-a-mole with IP addresses, be like water, my friend. Adapt, flow, and outsmart those digital delinquents. As the great Bruce Lee once said (probably while fighting off a horde of hackers with nunchucks), "Be soft like water and flexible and adapt...to the opponent." Drop the ban hammer, pick up the magnifying glass, and let's catch some crooks!

  • Another One Bites the Dust: 23andMe Bankruptcy a Stark Reminder of Credential Stuffing's Cost

    A few months ago, we wrote "YOU HAVE BEEN BREACHED: Consumer Credential Stuffing," and now the recent news of 23andMe filing for bankruptcy resonates deeply. While reports highlight various financial struggles for the genetic testing company, it's crucial to understand that the seeds of this downfall were significantly sown by the massive 2023 data breach that began with credential stuffing attacks.

    What's Credential Stuffing Anyway?

    For those unfamiliar, credential stuffing is a cyberattack where malicious actors use lists of usernames and passwords, often obtained from previous breaches on other platforms, to try and gain unauthorized access to user accounts on different services. As we at myNetWatchman have emphasized, the 23andMe breach was a prime example of this. Attackers leveraged credentials compromised elsewhere that consumers unfortunately reused on their 23andMe accounts. This led to the exposure of sensitive genetic and ancestry data of over 6.9 million customers.

    The Domino Effect

    The fallout from this breach was swift and significant. A class action lawsuit was filed against 23andMe alleging failure to protect customer privacy and inadequate notification, particularly to those with Chinese or Ashkenazi Jewish heritage who appeared to be specifically targeted. Ultimately, 23andMe agreed to a $30 million settlement. While the company anticipates that cyber insurance will cover approximately $25 million of this, the remaining $5 million, coupled with substantial related legal expenses, still represents a considerable financial burden.

    The Verge accurately noted that the breach "dealt a big blow to the already struggling company." Other sources echoed this sentiment, with STAT even listing the cyberattack impacting 7 million customers as one of the "killing blows" leading to the Chapter 11 filing. NPR pointed out that the bankruptcy announcement came less than two years after the breach, and CNBC highlighted the cyberattack as part of a "turbulent period" for 23andMe, alongside issues with revenue generation and business viability.

    Why Is This So Important?

    From our perspective at myNetWatchman, the 23andMe situation underscores a critical point: organizations bear a responsibility to protect their users from the foreseeable risks of credential stuffing attacks. While it's true that password reuse by consumers contributes to the problem, relying on this as a defense – essentially throwing up their hands and saying "there's nothing we can do" – is no longer acceptable, especially when dealing with highly sensitive data like genetic information. The $30 million settlement should serve as a stark warning that neglecting to implement preventative measures can lead to significant financial and reputational damage.

    Interestingly, as part of the settlement, 23andMe agreed to mandate Multi-Factor Authentication (MFA) going forward. While MFA is a valuable tool, relying solely on user adoption can be challenging. As we discuss in our "YOU HAVE BEEN BREACHED" article, organizations need to consider more passive ways to protect against credential stuffing.

    There's a Better Way

    The good news is, it doesn't have to end this way. myNetWatchman provides solutions that can help companies actively combat credential stuffing attacks. Our services offer unique data insights into compromised credentials. We detect when compromised credential pairs are presented at login, account creation, or password change events, allowing for proactive intervention and preventing account takeover. With our repository of over 35 billion compromised credential pairs, updated daily with 15 million new additions, we empower organizations to stay ahead of these threats and protect their users, ultimately safeguarding their bottom line and reputation.

    The 23andMe bankruptcy is a sobering event. It highlights the severe consequences of failing to adequately address the persistent threat of credential stuffing. We urge organizations to learn from this and take proactive steps to secure their users' accounts. Ignoring this risk is no longer a viable option.
