2017 Headlines

You Can’t Secure 100% of Your Data 100% of the Time

December 4, 2017 / Shuman Ghosemajumder, Harvard Business Review

“Investing in all the traditional security in the world to prevent your website from having vulnerabilities will not help if your users’ own bad habits of reusing passwords results in cybercriminals being able to log in to your application just like those users.”

Shape Security's Blackfish designed to combat credential stuffing attacks

November 30, 2017 / Nicole Laskowski, TechTarget

“What this creates is a data-driven defense network, which is constantly learning, constantly improving and capable of autonomously defending itself”

Uber Breach May Intensify Push for Federal Disclosure Rules

November 22, 2017 / Steven Norton, Wall Street Journal

“Being transparent with users and enforcing good operational practices is just as important as investing in security technology.”

The Emerging Threat of Cybercriminal AI

November 8, 2017 / Martin Giles, MIT Technology Review EmTech Conference

Shuman Ghosemajumder, CTO of Shape Security and MIT Technology Review’s Martin Giles discuss responsibilities that companies have towards protecting the sensitive personal information they hold about us.

Shape’s Blackfish could stop password thieves cold

November 8, 2017 / Seth Rosenblatt, The Parallax

“The economy of the Internet as a whole is suffering so that we can learn which passwords have been stolen. Because Blackfish can see all automated log-ins in real time, [it] can capture compromised usernames and passwords,” Sarah Squire says, “instead of buying them.”

Credential-stuffing defence tech aims to defuse password leaks

November 8, 2017 / John Leyden, The Register

“Credential stuffing only works because many users still use the same login details on multiple sites. This is a serious security risk that's only getting worse as the volume of data breaches rises.”

Shape Security Introduces BlackFish AI to Combat Credential Stuffing

November 7, 2017 / Sean Michael Kerner, eWEEK

“New technology uses a bloom filter computer science approach to help detect potentially breached passwords, before a breach is publicly disclosed.”

Bloomberg Markets: Ghosemajumder on Protecting Apps

November 7, 2017 / Carol Massar and Cory Johnson, Bloomberg Podcast

“GUEST: Shuman Ghosemajumder Chief Technology Officer Shape Security Discussing the launch of Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”

Shape Security introduces tool to blunt impact of stolen password caches

November 7, 2017 / Ron Miller, TechCrunch

“Today, the company released Blackfish, a product that could help blunt the impact of stolen password caches from massive breaches like Yahoo (the mother of all breaches), Adobe and Home Depot to name but a few examples.”

This 'pre-crime' AI bot network detects a hack before it's discovered

November 7, 2017 / Yahoo Finance

“Shape Security today launched Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”

Why Data Breach Stats Get It Wrong

October 26, 2017 / Shuman Ghosemajumder, Dark Reading

“It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.”

Five questions about the massive Equifax breach

Sept 9, 2017 / Joe Uchill, The Hill

“For years we’ve been educating people not to enter their personal information into sites they have never visited before to protect them from phishing,” said Shuman Ghosemajumder, chief technology officer of Shape Security. “And that’s exactly what the notification site asks people to do.”

Your social security number probably got leaked and that’s very, very bad

Sept 8, 2017 / Stan Horaczek, Popular Science

Shape CTO Shuman Ghosemajumder on Equifax breach: "You should probably act as though your data has been compromised."

Equifax Breach Puts Social Security Number at Center of Digital Identity Crisis

Sept 8, 2017 / Steve Rosenbush, Wall Street Journal

“...a profound implication for how we use SSNs throughout the country, as it is possible that as a result of this breach, the majority of adults’ SSNs are now compromised.”

The Morning Download: Global Cyberattacks Put Pressure on CISOs, CIOs

May 15, 2017 / Steve Rosenbush, Wall Street Journal

"...organizations should not act out the old adage that the CISO’s primary job is to get fired when something goes wrong, in this case."

Apple ransom highlights danger of credential stuffing

April 7, 2017 / Seth Rosenblatt, Parallax

"Credential-stuffing attacks are not rare. They account for more than 90 percent of the Internet traffic to log-in pages at major services, Shape Security’s Ghosemajumder says."

These Are the 50 Most Promising Startups You’ve Never Heard Of

March 6, 2017 / Ellen Huet, Bloomberg

"Quid looked at more than 50,000 companies and chose 50 it deemed the most promising."

Cloudflare Bug Spills Private Data Online

February 27, 2017 / Phil Muncaster, Infosecurity

"This incident has many people suggesting that everyone in the world should change all of their passwords immediately."

AI isn't just for the good guys anymore

February 1, 2017 / Maria Korolov, CSO Online

"Criminals are already using image recognition technology, in combination with "Captcha farms," to by-pass this security measure."

3+ billion credential breaches in 2016 – 2% success rate

January 24, 2017 / Ray Shaw, ITWire

"In 2011, while serving as deputy assistant secretary of defence at the Pentagon, Shape Security co-founder Sumit Agarwal observed a rising trend in the volume and complexity of automated attacks on Web and mobile applications. "

Credential-Stuffing Schemes Rely on Recycled Login Information

January 19, 2017 / Larry Loeb, Security Intelligence

"On most websites, users enter their email addresses in lieu of user IDs, so cybercriminals often need only to crack a victim’s password once to gain entry to several of his or her accounts."

Credential-Stuffing Attacks Take Enterprise Systems By Storm

January 17, 2017 / Ericka Chickowski, Dark Reading

"A study out today from Shape Security shows that it's common for credential-stuffing login attempts to account for more than 90% of all login activity on Internet-facing systems at Fortune 100 firms."

Credential Stuffing: a Successful and Growing Attack Methodology

January 17, 2017 / Kevin Townsend, Security Week

"Now consider credential stuffing. The term was coined by Shape Security co-founder Sumit Agarwal when he was serving as Deputy Assistant Secretary of Defense at the Pentagon."

Credential-stuffers enjoy up to 2% attack success rate - report

January 17, 2017 / John Leyden, The Register

"Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security."

Hacker Grabs Data on 1.5 Million ESEA Gamers, Demands 100K Ransom

January 10, 2017 / Kevin Townsend, Security Week

"According to figures from Shape Security, at least 11 gaming organizations suffered credential leaks last year."

Archived News:
2014 | 2015 | 2016 | 2017 | Recent

May 9th: Join a live webinar to learn how Starbucks partners with Shape Sign Up