In what’s becoming almost a daily occurrence, another breach has left usernames and hashed passwords exposed on the Internet. Time Warner Business Class was recently breached by TeaMp0isoN, which dumped almost 4200 credentials on various repositories. While the number isn’t as staggering as Time Warner Cable’s breach of 320,000 records in January of this year, the impact had the potential to be much more severe. Many of these 4200 credentials were from small to mid-size businesses that relied on Time Warner Business Class to provide managed services for their organizations. It appears that Time Warner Business Class took quick action and was able to limit the damage sufficiently, but many users now have their contact information and hashed passwords exposed.
Obviously, dealing with such an event can be a huge distraction to your organization. Is your company dealing with a breach? In this blog post, we have provided some tips to take as soon as you learn of a breach and steps to take when dealing with your vendors.
What you should do as soon as you learn of the breach:
- Notify the proper IT personnel and management to let them know that account details have been leaked. Give as much detail about what types of information the account had access to.
- Change the affected password immediately. Also, change any business or personal account passwords that are using a similar (or the same) password.
- Attackers often attempt to use compromised credentials on other well-known services.
- Reach out to your vendor contact and gain an understanding as to what they are doing to mitigate the breach. Your organization’s incident response plan should have these contacts available.
Many organizations feel helpless when a vendor experiences a breach, as their credentials are leaked through no fault
of their own. While there is no silver bullet to prevent this, there are some steps that your organization can take to
increase security when working with vendors.
Below are some tips to take when working with a vendor:
- Perform thorough due diligence, including reviewing the vendor’s SSAE-16/SOC reports and penetration test
results. - If they provide access through a portal, ask if multi-factor authentication is available.
- At a minimum, a strong lockout policy should be in place for the portal account.
- Use at least a 15 character complex password.
- Typically, passwords are dumped in the form of a hash, and using a long, complex password will decrease
the attacker’s chance or cracking the hash and obtaining your password.
- Typically, passwords are dumped in the form of a hash, and using a long, complex password will decrease
- If your organization allows vendor access to the corporate network, understand how the vendor gains access,
what controls are in place when granting such access, and what level of access your vendor has.- If constant access is not required, accounts should be disabled until the vendor requests access.
- Ensure your contract gives your organization the right to audit your vendor. An audit can give your organization
assurances that the vendor is performing their services and operations as agreed.
Have questions or comments? Email us at info@rebycsecurity.com
