So let’s unpick this
Firstly, our customer’s IT system hasn’t been compromised. They can rest easy. But clearly there has been something untoward.
What’s happened is that this person has been using a web system somewhere on the internet, and they have created an account on that with their work email address. It could be any site at all, from a travel site, to an online auction site, a property site, a video or music streaming service, a courier tracking system – literally anything. It’s one of these sites that’s been hacked.
We read about these various sites being hacked and a certain number of passwords ‘stolen’ – just recently there was a huge hack on Facebook – that’s especially a worry if you also use your Facebook credentials to log into other systems.
In many cases, we tend to use the same or similar passwords for the multitude of sites we access. That’s certainly the case in the example above. The hacker knows their email address has been used as an account name, and they’ve stolen the password. So now they can try that account name and password (and password variations) on a bunch of other common sites as well.
So, how can we help? In this case, not a lot, other than keep educating and reminding people of good practice. But security is a big deal and that’s why we have a security add-on to our KARE agreements
But right now, check if your credentials have been stolen from website yourself, just go to https://haveibeenpwned.com/