
Breached Password Detection: Protect Your Users’ Data Before It’s Too Late

Recent breach affecting up to 711M email addresses shows critical need for protection and detection.

September 25, 2017

No business is immune to the threat of breached passwords and devastating hacks. We’ve seen it one too many times with the largest businesses in the world falling victim to database leaks — Yahoo, eBay, Target, and most recently, Equifax, possibly one of the largest breaches in history. Cyber criminals hacked into the Equifax database, stealing names, social security numbers, birth dates, addresses, and private information of up to 143M people. As a result, Equifax now faces a multibillion-dollar lawsuit for its negligence.

There’s no denying that the impact of any database hack is crushing, both financially and for customer trust.


Another alarming breach was recently uncovered: a new, highly sophisticated spambot called Onliner that has infiltrated systems worldwide, targeting a whopping 711M email addresses. Troy Hunt, a Microsoft developer, well-known security researcher and creator of haveibeenpwned.com (HIBP), outlined the insidious nature of this spambot in a recent blog post that highlights the diversity of the data that was breached. Notable examples include:

  • 29m rows of email address and password pairs
  • 142k email addresses, passwords, SMTP servers and ports
  • Random selection of a dozen different email addresses checked against HIBP showed that every single one of them was in the LinkedIn data breach
  • 4.2m email address and password pairs, this time with every single account having a hit on the massive Exploit.In combo list

Millions of emails and passwords are compromised every day, as Onliner makes clear, and yet there is a very simple solution that can avert this cyber-crisis or dramatically mitigate its disastrous effects: Breached Password Detection.


Breached Password Detection

Auth0’s Breached Password Detection just celebrated its one-year anniversary, and in the past year alone has protected millions of passwords. Our continuously updated database of breached credentials, containing hundreds of millions of entries, serves as the clearinghouse for the legitimacy of any password-based login. Any matches are denied and blocked in real time, and users are instantly alerted to the attempt, forcing them to change their passwords immediately.

Breached Password Detection is a crucial feature in our identity platform that is used by our global customers for safeguarding valuable data. Here are some compelling stats:

  • Thus far in 2017, our database has identified 3,602,290 instances of detection
  • And from September 2016 to now, that tally increases to 3,951,160
  • Auth0’s Breached Password Detection database averages 450,286 blocked breached passwords per month and 14,885 per day

It’s a foolproof way to ensure you’re protecting your assets, and those of your customers.

Implementing this essential measure is seamless on our authentication platform and requires simply toggling the feature on. Simple.

This level of protection, bolstered by additional Auth0 measures like Single Sign On and Multifactor Authentication, makes your service more secure, but more importantly, builds customer trust that’s beyond measure.

What are you waiting for?

Try Auth0 for free today to learn more about how you can protect your data and customers with Breached Password Detection.
