Bulk Identity Theft
Identity theft is one of the most common and damaging forms of hack. For both innovative online brands and established “brick and clicks” brand names with a significant online business, protection of customer credentials is paramount. From financial institutions providing on-line account access, to on-line retailing and gaming, store and loyalty cards and multiple other scenarios, there is a long list of companies who need to store, manage and transact with sensitive customer data.
Typically web servers are hacked over the internet, and credentials are stolen from databases and other password stores. Hackers know its easier and faster to steal passwords at rest from a single location than it is to infect large numbers of client computers or capture credentials in transit. It can take less than a minute to steal a million passwords.
Stolen identities are routinely advertised on the dark web for $1 to $5 per record. Credentials originating from banks are advertised for $7 or more per record. With many customers re-using passwords across multiple websites and services, password theft compromises not only your service but others as well. That’s why password repositories are a honeypot for hackers.