“For years we’ve been educating people not to enter their personal information into sites they have never visited before to protect them from phishing,” said Shuman Ghosemajumder, chief technology officer of Shape Security. “And that’s exactly what the notification site asks people to do.”
Shape CTO Shuman Ghosemajumder on Equifax breach: "You should probably act as though your data has been compromised."
“...a profound implication for how we use SSNs throughout the country, as it is possible that as a result of this breach, the majority of adults’ SSNs are now compromised.”
"...organizations should not act out the old adage that the CISO’s primary job is to get fired when something goes wrong, in this case."
"Credential-stuffing attacks are not rare. They account for more than 90 percent of the Internet traffic to log-in pages at major services, Shape Security’s Ghosemajumder says."
"Quid looked at more than 50,000 companies and chose 50 it deemed the most promising."
"This incident has many people suggesting that everyone in the world should change all of their passwords immediately"
"Criminals are already using image recognition technology, in combination with 'Captcha farms,' to by-pass this security measure"
"In 2011, while serving as deputy assistant secretary of defence at the Pentagon, Shape Security co-founder Sumit Agarwal observed a rising trend in the volume and complexity of automated attacks on Web and mobile applications."
"On most websites, users enter their email addresses in lieu of user IDs, so cybercriminals often need only to crack a victim’s password once to gain entry to several of his or her accounts."
"A study out today from Shape Security shows that it's common for credential-stuffing login attempts to account for more than 90% of all login activity on Internet-facing systems at Fortune 100 firms."
"Now consider credential stuffing. The term was coined by Shape Security co-founder Sumit Agarwal when he was serving as Deputy Assistant Secretary of Defense at the Pentagon."
"Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security."
"According to figures from Shape Security, at least 11 gaming organizations suffered credential leaks last year."