“Baby born with two heads! Alligators found in Central Park! 773 Million Credentials Leaked! Largest Breach In History! Step right up folks, and get the latest news, exclusively right here!”
And so it may as well have been last week, with the sensationalized news of the Collection #1 breach touted as “one of the largest breaches to date.”
We Weren’t Surprised
Here at VeriClouds, we weren’t surprised or taken aback at all by this so-called “breach.” Compromised credentials are the air we breathe. We separate the fluff from the real stuff, analyze and aggregate it, ensure its integrity, and protect customers with the largest cache of compromised credentials in the industry.
As Brian Krebs has already pointed out in this article, this wasn’t really a single breach. But we knew that. This wasn’t even a recent breach. But we kinda already knew that. It’s an aggregate of past breaches, and we already had over 90% of its credentials in our database; our customers have been provided this intel and protection the entire time. These weren’t even the freshest credentials, which matters a great deal when it comes to compromised credentials. We kinda let our customers know that. We wanted to let you know that.
Nothing to see here really for those truly in the know or already protected. It’s great to yawn and move on, knowing our customers have been protected this entire time.
Why The Sensationalism?
Unfortunately, reporting in some segments of InfoSec news is beginning to turn into a platform for sensationalism and for redirecting the spotlight elsewhere, somewhat based on hidden agendas.
Have I Been Pwned (HIBP) has benefitted the community at large in terms of bringing awareness to the hidden dangers of compromised credentials and the incredible threat they pose, at both the consumer and the enterprise level. And we’re certainly happy about that.
The irony is that some of that awareness, in terms of true mitigation, seems to remain hidden because of the sensationalism, which seems to breed so-called “approaches” that aren’t truly effective in clarifying and mitigating the actual risk around compromised credentials.
A Paradigm Shift Still Remains Essential
The bottom line is that VeriClouds was founded on the realization that a true paradigm shift, both in thinking and therefore also in execution, is and will continue to be necessary in order to meet and truly mitigate this ever-growing threat.
When news like this is delivered sensationalized and then cursory and pedestrian “mitigations” are tossed around, we all tend to lose sight of the true impact and risk that identity threats pose, of which compromised credentials are only one facet.
A true Identity Threat Protection solution is needed. We will explore how and why we feel this way, using this so-called “breach” of 773 million credentials as a focal point, in another article, coming soon. Stay tuned.
Why We Are Different
So back again to the sensational news. We’ve known for a while that we’re different from freeware credential “services” such as HIBP. This was articulated over four months ago in this article.
In brief, we are nuanced and much more directed and effective in solving compromised credentials use cases in the following ways:
- Enhanced privacy and security – being able to preserve the user ID and Password
- Integration with your IAM system or customer portal using the context of your organization
- Automation during the whole customer life cycle – registration, authentication, password reset
- SLA and Customer Support when you need it
We just thought you’d like to know.
In conclusion, be aware that the InfoSec and cybersecurity communities are evolving, not only in terms of threats, but also in how those threats are framed, reported and approached.
In the eyes of some, the end does justify the means. We can’t take that approach but rather believe the threat is real enough to warrant the development of solutions that actually meet and mitigate the threat.
VeriClouds has had over 9 billion credentials in its database, faithfully serving as a commercially nuanced and properly formulated and offered Identity Threat service for enterprise customers in the area of compromised credentials. It’s amazing to us how the report of a mere 773 million older and less valuable credentials has caused so many to gasp while 9 billion seems to not even elicit a yawn in the broader community.
That is true sensationalism, and that is why it hides the deeper threat as well as the more needed, properly nuanced, protected and necessary approaches around Identity Threat Protection.
And that’s certainly nothing to yawn about.