Quick Intelligence Blog

How Long Does it Take Cyber Criminals to Exploit a Compromised Password

Hacker programing in technology environment with cyber icons and symbolsHas this ever happened to you? Company X gets breached and you receive an email telling you that your password has been stolen and you need to change your password. If you’re wondering how much time you have to reset your password before your account is compromised, the answer, according to cybersecurity researchers at Agari, is not very long.

ZDNet reported on Agari's tests to find out how long cyber criminals would take to attempt to use the credentials. Thousands of credentials that were made to look like real accounts were planted by Agari onto popular websites and forums for stolen usernames and passwords. In the first 12 hours after Agari seeded the sites, half of the accounts were accessed. Within an hour, 20% of the sites were accessed, and 40% within six hours. 

If you do get notified that your password has been compromised, you should change your password right away. Especially when business accounts have been compromised, you need to act quickly, as the risks include things like theft of sensitive information, access to privileged accounts, and Business Email Compromise.

Organizations need to protect their users, cloud applications, and wider network against phishing and other attacks to help defend against these exploits. One key defence to put in place is antivirus software or a spam filter. Multifactor authentication is also a must! If a password is compromised by an attacker, multifactor authentication will make it more difficult for the hacker to gain entry, and users will be alerted if someone else is trying to log in.

If your business needs help protecting its users, contact the experts at Quick Intelligence. With our help, you can ensure your business has strong password policies, multifactor authentication, and cyber awareness training.

Topics: Phishing cyber security Multifactor Authentication Anti-Virus Cloud