How Automatic Account Takeover Works and How it
Affects Your Company and WebSite
Automatic Account Takeover is a type of cyberattack where stolen user account credentials from a website data breach are used to gain unauthorized access to user accounts on other websites through large-scale automated login requests.
A website is breached and user login data is stolen
The stolen data is leaked onto the dark web and hacker forums
Numerous groups and hackers obtain the stolen login data
Using the stolen data, hackers gain access to other websites with these user accounts
After gaining access to other websites, hackers steal personal info, make purchases etc.
Password Scrubber is a turnkey solution and real-time service which allows you to instantly scrub your users and employee's login credentials against the Dark Sources database of over 20 Billion breached accounts and live cloud intelligence finding newly shared passwords not yet discovered by hackers.
Verifies existing passwords in real time when logging in or password change against our blacklist database existing user passwords
Handles verification for new or not yet processed credential information
Works with existing software for an easy one click solution
RESTful API based and can work for any organization of any size
Why Every Website Needs Password Scrubber
Reduce Your Security Related Support Costs
From the time, it takes to research and figure out the issue, remedy the issue and to see if the customers info was comprised takes time and comes at and average Support Costs of $275 per incident averging 10's millions per year. Stop these breaches by making sure no one in your user database matches anyone of our 20 Billion Breached Accounts.
Force Every User Account To Change its Breached Credentials
With Password Scrubber when a user logs in, registers, or changes their password their credentials are scrubbed against our database of over 20 Billion Breached accounts and live cloud intelligence catching new shared usage not yet seen by hackers and forced to use alternative stronger passwords. This goes well above and beyond simple password requirement strategies.
Prevent Any New Accounts From Using Breached Credentials
As new users are creating accounts at your website, you can prevent them from using the same accounts credentials that have been part of a previous breach. This will ensure that no new users can use the same password they use on every other website, on your website.
Real Time Databreach Updates
New data breaches are being posted online every day. Dark Sources is updating its database with new breaches daily. If an active user in your database had their credentials show up on a new databreach import, your next scan against our database will reveal this info, forcing your user to change his password. You will also be able to notify the user that his login credentials were found in a databreach and that they should change that password on any other website they may be using it at.
CHALLENGES AT THE WEBSITE LEVEL
Automated Account Takeover attacks are made possible because many users will reuse the same password across many sites with one survey reporting that 81% of users have reused a password across 2 or more sites and 25% of users use the same password across most of their accounts.
Most websites rely on simple security software solutions like only allowing a certain number of logins per IP address in a given time to protect them from automated account takeover attacks. The issue is that bot networks (which are now available to be rented on an hourly fee bases) often have millions of IP addresses to easily bypass these solutions.
Multi factor authentication such as 2 factor will almost always be opted out by users, because it’s not convenient for them to use and the cost in remedying an issue forces companies to stop using that system. The only way to truly stop automated account takeover attacks is to make sure your existing user database does not have any existing high-risk user accounts.
Stop exposing your website users to further breaches
Dark Sources provides the tools for every website to stop automated account takeover in its tracks.
RESTful API Risk Management Service
Every website or organization will be able to use our RESTful API service to compare their existing database against our breached database. The service will report back to you which of your existing customers are currently in our database so you can take immediate action to do things like force a password reset on their next login attempt or automatically notify them by email etc. You can run your database as many times as needed and only pay a small monthly fee based on the number of queries you send.
HOW TO USE
Password Scrubber Integrations
Password Scrubber is a set of turnkey solutions to scrub and lock down high-risk user credentials based on our database of over 20 billion recovered credentials and live cloud analysis of a user’s real-time usage across the internet. Listed below are our current Password Scrubber applications.
Direct User Risk RESTful API Service
Access our data directly for use within your applications to combat known user credential usage and meta data that can be used to identify a person’s risk to data leakage and footprint. Our API service can be integrated in as little as a few hours in most applications.