Historical Account Compromises

Overview

Company accounts found in breached databases fall under this category. Passwords are commonly reused or changed only slightly, which can give an attacker an easy foothold into the organization.

Both the Likelihood and the Impact of this finding are High, for obvious reasons.

The company can create a blocklist of the compromised passwords.
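
One way to build such a blocklist so that it also rejects the slightly changed variants mentioned above, as an added example that is not part of the original page. The sample passwords, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample values standing in for passwords recovered from breach data.
BREACHED = ["Summer2023!", "acme-welcome1", "P@ssw0rd"]

# Common character substitutions undone before comparison (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t", "!": "i"})


def normalize(password: str) -> str:
    """Reduce a password to a base form so that near-duplicates collide."""
    p = password.casefold()
    # Strip leading/trailing digits and punctuation (years, counters, "!").
    p = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", p)
    # Undo substitutions inside the word, then drop remaining separators.
    p = p.translate(LEET)
    return re.sub(r"[\W_]+", "", p)


def base_form(password: str) -> str:
    # Passwords made only of digits/symbols normalize to "", so fall back
    # to an exact (case-insensitive) comparison for those.
    return normalize(password) or password.casefold()


def build_blocklist(breached):
    """Set of base forms for every compromised password."""
    return {base_form(p) for p in breached}


def is_blocked(candidate: str, blocklist) -> bool:
    """True if the candidate is a compromised password or a small variation."""
    return base_form(candidate) in blocklist


if __name__ == "__main__":
    blocklist = build_blocklist(BREACHED)
    for candidate in ["Summer2024?", "passw0rd123", "Acme_Welcome2!",
                      "correct horse battery staple"]:
        print(f"{candidate!r}: {'blocked' if is_blocked(candidate, blocklist) else 'allowed'}")
```

The check belongs wherever passwords are set or changed, so that a user cannot rotate from a breached password to a close variant of it.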

Example

Finding
Passwords should always be obfuscated in pictures. Usernames can be shown in credential dumps.
Remediation
