Security

Understanding the Risks of Third-Party Data Breaches

Consider the scale of third-party data breaches in recent years: LinkedIn (700M), Facebook (533M), Twitter (330M), Canva (137M), Dropbox (69M), Uber (57M), EasyJet (9M). For most organisations, one or more of their staff will have had an account with one of these.

This might sound like a minor threat - until you consider credential reuse. Studies by LastPass and Google found that between 59–65% of people reuse the same username and password across multiple accounts. Since 2020, the amount of hacked credentials available on the dark web has increased by 65%.

The Real Risk for Organisations

The risk isn’t always a direct breach. It’s the threat of being breached through indirect means - a member of staff having credentials compromised through LinkedIn, which then opens doors elsewhere because they’ve reused those credentials for work systems.

What Should an Organisation Do?

  • Scan the dark web - regularly scan for leaked credentials relating to your domain so you can act proactively with password resets before attackers exploit them.
  • Secure password management - make it easier for staff to have strong, unique passwords for every account.
  • Access controls - MFA, password complexity policies, and regular resets.
  • Staff awareness training - educate your team on the risks and best practices.
  • Regular security audits - identify weaker areas within your ecosystem.
  • Monitor for suspicious activity - EDR/MDR/XDR solutions to detect and lock down breaches in real time.

info@etg365.co.uk · 01604 346 444

← Back to Blog