Introduction
Employees use their email addresses for a whole host of online services. From conferences to hotel bookings to online products. The websites where employees leave their details can be hacked. Some hackers proudly show their results by sharing the breached data as evidence of success. This leaves the information of your employees exposed.
What does Lupasafe do?
Lupasafe bots continuously search for breached credentials for your organisation. The sources to investigate are dark web, Telegram, fora and the Lupasafe database with far over 1.5bn records. Once Lupasafe finds a breached record it verifies the email address with a service called "Have I been Powned". This gives additional meta data on when the email account was last breached, what data was exposed and where.
What can you do?
Breaches happen and are usually beyond any influence of your employees. But once data is breached it will be impossible to remove it. Over time breached records of employees help attacks build up a personal profile.
With any breach you can
1) ask IT/HR to inform the employee that this happened and ask them to change passwords
2) ask IT to change the passwords for the user. Assess impact by verifying if the credentials can still be used on the organisation's services like webmail, FTP or other portals.
3) formulate a policy on where the business email address can and cannot be used