See how one large bank detected more than 50,000 exposed credentials in 1 year.
Other content in this Stream

In 2020, our research report on account takeover (ATO) highlighted the risk of using credentials in an unsafe manner, which ...

You’d have to have been living under a rock to have avoided the excitement surrounding Non-Fungible-Tokens (NFTs) in the last ...

This guide draws from best practices suggested in SearchLight’s playbooks, so security professionals can improve their tools and processes to prevent employee account takeover.

Over the past 2.5 years, we have been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use...

Join the Photon team to learn about our latest research on account takeover.

Here, we review account takeover from the perspective of the cybercriminal: why and how do cybercriminals perform ATO?
Cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover, making these leaked credentials very useful for them.

In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database. One ...

Discover which industries are most likely to be targeted by cybercriminals with credential stuffing attempts.

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of aboutt 7.5 million Adobe Creative Cloud...

Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of ...

we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat

On Russian- and English-language cybercriminal forums on the clear and dark web, vendors are increasingly asking interested buyers to place money in a forum escrow service before they will provide fur

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories. - APT35 Targets Email of US political figures & prominent Iranians -...

Attack methods repeat themselves, and so does how cybercriminals use breached data, such as PII, stolen account details and even compromised admin credentials. Once data is compromised, it can circula

Dr. Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. We’ve all heard of not reusing passwords, employing two factor authentication and using...

Last week, I wrote about how cybercriminals are looking to trade corporate emails in their pursuit of conducting Business Email ...