The “Myth” of Confidential Customer Credentials


Is there such a thing as “Confidential Customer Credentials” anymore?
Article By: Jeremy Bannister (CYBER SECURITY EAGLE)

Recently, information was released about Google’s Gmail customer user account credentials becoming the latest to be put on sale on the Dark Net, along with numerous Yahoo customer user account credentials that stem from numerous cyber-attack incidents spanning the last 3-4 years. It seems that no company is safe from or immune to the compromise of confidential customer user credentials. Every day there seems to be a different security incident leaked or reported that involves customer user profile credentials being exposed for unlawful profit. This is just one of the latest security breaches to have risen to the surface of public knowledge.

It is becoming very clear to me that it is almost impossible for any company that offers web services to keep customer user profile credentials confidential and secure from cyber-attacks carried out by hackers. These hackers have been exposing and posting customer user credentials for sale on the Dark Net for a lucrative unlawful profit. Yahoo has been breached on three separate occasions within the last three to four years, and each security incident has compromised customer user profile credentials. These security incidents, in turn, have cost the company a great deal of money between the negotiation process and the finalized sale of the company to Verizon, for around $925 million less than the originally agreed sale price. This does not even account for the overall expected financial loss and loss of reputation projected to impact Yahoo due to these three security breaches.

There have been several other web service companies with similar security incidents that have compromised or exposed customer user profile credentials to cyber-attacks. This is why it is so very clear to me, as a Cyber-Security Professional and web service customer, that it is going to be up to the customer or consumer of these or any other web services to protect their own user profile credentials. After all, you cannot put a price on an individual’s identity or the user credentials that are used to keep a user profile secure and confidential. Therefore, end users of web services need to become proactive and educated on the best security practices for maintaining secure and confidential credentials for their user profiles associated with various web services. There are several tools and web articles that can help accomplish this very necessary action, which needs to be carried out by all web service end users. These are just two of the many websites that can offer education and advice on the best security practices to maintain secure user profile credentials ( & (

Remember: Always take extra precautions when dealing with any items or credentials that are linked to your personal and online identity. There is no price tag that can be placed on protecting one’s information or identity.

  1. Yahoo does not inspire confidence with me at all. I’m not a Yahoo customer, nor do I wish to be one, despite it being bought by Verizon. A major breach creates major reputational damage.

    The line we are being fed now is “long and strong” passwords, and also no password re-use on other sites.

    We can educate users to be safer at work, but also at home.


    Problem with this. You have a really really good strong password – if that site gets compromised, your password is now exposed and out there.

    As consumers we need the trust from websites and companies that they take this seriously. We have compliance, e.g. HIPAA/PCI-DSS etc., but something isn’t working. It is easy to blame the end users when they do something dumb, but if site security is poor, then don’t blame the end user, blame the company.

    If a company has a breach from blatantly poor security, e.g. no lessons learned, then vote with your feet.

    My faith and trust is really really being tested.

    • I understand what you are saying, but there are other things users can do to protect their passwords. You can use encryption, hashing and salting. Masking using honey pot techniques like having two passwords: a dummy password and a keyed verified password. Not to mention end users should change passwords on a frequent basis. Companies and web organizations need to start enforcing stricter security policies to ensure users are properly educated and aware of the dangers of exposure. Most security professionals understand that there is always a percentage of exposure and risk associated with having credentials online. The goal is to limit the risk of exposure to your assets and credentials online. Risks of exposure will not ever be completely eliminated. Just like there is no such thing as a totally secure website, online assets, and credentials, because the risks of exposure will never be completely eliminated, only lessened. Be careful using a Gmail account, because Yahoo was not the only company exposed lately; Gmail was also breached recently.
