“Biggest leak of its kind” added to Specops Breached Password Protection

STOCKHOLM – Today, Specops Software announced the addition of the latest HaveIBeenPwned (HIBP) password list update, v7, to its Breached Password Protection database. HIBP v7 contains over 226 million passwords from over 23,000 hacked databases, a collection attributed to the now-defunct data breach index site Cit0Day.

“This Cit0Day password set really speaks to how well-resourced the bad actors are who are trying to attack your network,” said Darren James, Product Specialist at Specops Software. “These bad actors aren’t just trying to manually guess at your passwords, they’re using services like Cit0Day to help make their attacks more efficient.”

Cit0Day operated by collecting hacked databases and then offering that stolen data to hackers for a monthly fee. Threat analysts are calling it the biggest leak of its kind, according to ZDNet.

“If you’re operating without your own efficient defense like Specops Breached Password Protection, you’re really leaving your network open,” continued James. Breach databases like Cit0Day's, which include data from thousands of websites, are a problem for IT admins because of password reuse. Google found in 2019 that over 60% of people reuse passwords.

Source: Google survey, February 2019

A network is exposed if employees are reusing their corporate password on a personal site. And most likely, they are.

LastPass found in 2019 that an employee reuses a password 13 times on average. And in 2018, it found that 50% of people do not create different passwords for personal and work accounts.

Source: LastPass Global Password Security Report, 2018

The danger of these passwords in IT environments is real – 81 percent of hacking-related data breaches were a result of compromised passwords, as found in a recent Verizon Data Breach Investigations report. When users choose passwords that can be found on a list of leaked passwords, they are making it easier for the next data breach to occur.  

Checking whether the latest HaveIBeenPwned passwords are in Active Directory can take some work, or you can find out how many breached passwords are in use in your environment by running a free read-only scan of your Active Directory with Specops Password Auditor.

Specops Breached Password Protection works together with Specops Password Policy so that companies can block all passwords found on the list of over 4 billion compromised passwords, making it easy to comply with industry regulations, such as NIST or Cyber Essentials. The service blocks people from choosing banned passwords and informs the user as to why they cannot use the password.

About Specops Software

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

(Last updated on October 30, 2023)