Specops Breached Password Protection Expands with the Addition of Outpost24 Threat Intelligence Malware-Stolen Password Data

This expansion coincides with the publication of the 3rd annual Specops Breached Password report.

Today, Specops Software announced the addition of a new source of compromised password data for the Specops Breached Password Protection service used by Specops Password Policy. This new source of compromised password data is powered by the threat intelligence unit of Specops Software’s parent company, Outpost24.

The Outpost24 threat intelligence unit, KrakenLabs, specializes in tracking threat actors, reverse engineering of malware, and analyzing threats to generate crucial intelligence that powers the Outpost24 threat intelligence solution and now an additional data source for the Specops Breached Password Protection service. KrakenLabs constantly monitors the dark web for illicit activity to ensure organizations stay ahead of emerging threats.

“We are thrilled to be working closer with our Outpost24 colleagues on bringing this compromised password data source to Specops Password Policy customers,” said Darren James, Senior Product Manager at Specops Software. “This new data source means that our customers’ AD passwords are even more protected against the danger posed by password reuse.”

This new data source from the Outpost24 threat intelligence solution includes passwords from both leaked credentials in underground markets and stolen credentials obtained by malware. This compromised password data is collected through the Outpost24 infrastructure of sinkholes, honeypots, crawlers, and sensors that are continuously searching, and can also capture credentials obtained by malware in real-time.

The threat intelligence compromised password data source has added over 33 million new passwords to the Specops Breached Password Protection service so far.

The 2024 Specops Breached Password Report

The new compromised password data source announced today coincides with the publication of the 2024 Specops Breached Password Report. The report includes findings from the same team that powers the new threat intelligence compromised password data source.

“This year’s Breached Password Report shows us that, yes the password is still a problem for IT teams and a weak point in many organization’s cybersecurity strategies,” shared James. “New this year are insights from the Outpost24 threat intelligence unit on SaaS password data, underscoring the need for IT teams to protect against the risk posed by password reuse.”

Sample findings from the report include:

  • 123456 was the most common compromised password found in over 2 million breached cloud application credentials
  • 88% of organizations still use passwords as their primary method of authentication
  • Only 50% of organizations scan for compromised passwords more than once a month
  • Analysis of over 2 million compromised application credentials suggests that a required Active Directory password length of at least 13 would greatly reduce the danger of cloud application password reuse in Active Directory environments
  • Longer passwords aren’t safe from being breached – 31.1 million breached passwords were found to be over 16 characters in length

Report methodology

The research in this report has been compiled through proprietary surveys and data analysis of 800 million breached passwords, a subset of the more than 4 billion breached passwords within the Specops Breached Password Protection list. As well as analysis of more than 2 million business application credentials hacked by malware and 1.8 million admin portal credentials from the Outpost24 threat intelligence team.

To read more about the methodology and findings download the report here.

Find compromised passwords in your network today

Today’s research publication coincides with the addition of over 7.7 million compromised passwords to the list used by Specops Password Auditor.

You can find how many of your Active Directory passwords are one of almost 1 billion known compromised passwords with a read-only scan of your AD from Specops Password Auditor. Specops Password Auditor does not store Active Directory data, nor does it make any changes to Active Directory.

Continuous automated defense against compromised passwords

Specops Password Auditor offers a great starting point for assessing your current password risks, but it’s only a snapshot. With Specops Password Policy and Breached Password Protection, organizations can continuously protect themselves against over 3 billion more known unique compromised passwords. These compromised passwords include ones used in real attacks today, discovered in malware, or are on known breached password lists, making it easy to comply with industry regulations such as NIST or NCSC.

Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. The Breached Password Protection service blocks these banned passwords in Active Directory with customizable end-user messaging that helps reduce calls to the service desk.

The daily update of the Breached Password Protection API, paired with continuous scans for the use of those passwords in your network, equals a much more comprehensive defense against the threat of password attack and the risk of password reuse.

Interested in seeing how this might work for your organization? Have questions on how you could adapt this for your needs? Contact us or see how it works with a demo or free trial.

(Last updated on January 23, 2024)

Back to Blog