The best way to protect your business from data breaches is to ensure that everyone in your company is using strong and unique passwords on all of their enterprise and personal accounts.
But as we all know, people tend to make mistakes, so accounts are inevitably bound to get compromised. Using strong and unique passwords limits your exposure when a data breach occurs.
Following the same rationale, Service Providers are also bound to get compromised. When that happens, Personal Identifiable Information (PII) and passwords get leaked, either in clear text form or in a hashed form.
These breaches can have catastrophic consequences for users who use weak passwords (which can be decoded, even when hashed) and users who reuse passwords, which allows hackers to use these passwords to access other services they use that password for.
These breaches also put your identity at risk, given that with enough identity attributes, scammers can convincingly impersonate you and go after your private data, and even your money.
The only thing companies can do in the case of a service provider data breach is to change all the passwords they use for that breached service.
But this also requires keeping an eye out for any news on that data beach, to make sure that you catch all the latest updates on it, and that every password within your company that was part of this data breach has been changed.
It goes without saying: this task can be quite strenuous and is difficult to enforce when you have no visibility over the exact scope of the compromise.
To help you protect yourself and your customers from the effects of data breaches, we have launched a new Data Breach Monitoring track with a product that we're calling Breach Monitor.
Over the past couple of years, we have been building a database of data breaches, containing credentials and passwords that have been leaked in data breaches over the course of the last 10 years.
Using that database of over 16 Billion records, we've created an API that we're leveraging in our Enterprise and MSP Portal to identify accounts that have been compromised in data breaches.
To access your data breach report, just navigate to the Breach Monitor section in the Portal. All accounts that have been compromised will appear in this list, and any changes that you make to these accounts will automatically update the report.
This marks the beginning of the road for our Monitoring track. We plan on tying the Monitoring track to our core Manage track to continue growing our Identity Platform and enable advanced features such as Identity Workflows (ex: the ability to trigger a password rotation when a specific service gets compromised).
To check out Breach Monitor, access your Portal here.
If you're not a Myki user yet, get started by signing up here.