Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using Metasploit frameworks (hacking and pen testing tools) to “brute force” their way into an unsuspecting system.
The password identified does not meet our network criteria. Why should we care about this?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- How do I subscribe or unsubscribe a Daily/Monthly Dark Web ID Compromise Report email notifications?
- Compromise Data Spike
- Dark Web ID Data Integrity
- CSS Compromise Type
- I see fake emails (false positives). Why is this important?
- How are the stolen or exposed credentials found on the Dark Web ID?
- What is the Dark Web?
- Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?
- Identified method used to capture/ steal data: how was the data stolen or compromised?
- Does the identification of my organization’s exposed credentials mean we are being targeted by hackers?
- See more