How it works
When a platform like LinkedIn, Adobe, or Dropbox is breached, the attackers extract a database of usernames and passwords. These are usually stored as password hashes rather than in plaintext, but weak hashes are cracked within hours using modern hardware. The resulting plaintext credentials are then sold or published on dark web forums.
Attackers then run these credentials against other services — your company email, Microsoft 365, your VPN, your accounting software. This is called credential stuffing. It's automated, cheap, and alarmingly effective because most people reuse passwords.
The LinkedIn 2012 breach used a weak hashing algorithm (unsalted SHA-1). By the time the database was publicly leaked in 2016, virtually all 117 million passwords had been cracked. Many of those passwords are still actively being tested against business systems today.
Why this affects your company specifically
Your employees used their work email (`naam@bedrijf.be`) to register on LinkedIn, Adobe, or dozens of other platforms that have since been breached. If they reused the same password — or a variation of it — across personal and professional accounts, attackers have a direct path into your business systems.
The most common attack pattern Niova sees: stolen LinkedIn credentials → test against Microsoft 365 → successful login → inbox rule created to silently forward all emails externally → attacker monitors for invoices and payment instructions → BEC (Business Email Compromise) fraud.
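The "silent forward" step in that chain leaves a trace in the Exchange Online audit log as a New-InboxRule or Set-InboxRule event. The following detection script is an added example, not Niova's tooling: it assumes audit records exported as JSON lines with the Operation, UserId and Parameters fields, and uses constructed sample records and the placeholder company domain bedrijf.be.

```python
import json

# Domains treated as internal; everything else is external (constructed for this example).
INTERNAL_DOMAINS = {"bedrijf.be"}
# Inbox-rule parameters that send a copy of, or move, mail out of the mailbox.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}

# Constructed sample records modelled on Exchange Online audit-log entries (not real data).
SAMPLE_LOG = """
{"CreationTime": "2024-05-02T07:14:09", "Operation": "New-InboxRule", "UserId": "an.jansen@bedrijf.be", "Parameters": [{"Name": "Name", "Value": "Invoices"}, {"Name": "ForwardTo", "Value": "finance-archive@bedrijf.be"}]}
{"CreationTime": "2024-05-02T03:41:55", "Operation": "New-InboxRule", "UserId": "piet.peeters@bedrijf.be", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "Piet <p.peeters.backup@mail.example>"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2024-05-02T09:02:13", "Operation": "Set-InboxRule", "UserId": "els.maes@bedrijf.be", "Parameters": [{"Name": "Identity", "Value": "Newsletters"}, {"Name": "RedirectTo", "Value": "els@bedrijf.be; archive@other.example"}]}
{"CreationTime": "2024-05-02T09:05:00", "Operation": "MailboxLogin", "UserId": "els.maes@bedrijf.be", "Parameters": []}
"""

def extract_addresses(value):
    """Pull addresses out of a parameter value such as 'Piet <p@x.example>; bob@y.example'."""
    addrs = []
    for part in value.replace(",", ";").split(";"):
        part = part.strip()
        if part.endswith(">") and "<" in part:
            part = part[part.rfind("<") + 1:-1]
        if "@" in part:
            addrs.append(part.lower())
    return addrs

def is_external(address):
    return address.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS

def suspicious_rules(log_text):
    """Return one finding per inbox rule that forwards or redirects mail to an external domain."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        external = sorted({a for name in FORWARDING_PARAMS & params.keys()
                           for a in extract_addresses(params[name]) if is_external(a)})
        if external:
            findings.append({
                "time": rec["CreationTime"],
                "user": rec["UserId"],
                "rule": params.get("Name") or params.get("Identity"),
                "external_targets": external,
                # A rule that also deletes the original is the classic "silent forward" pattern.
                "deletes_copy": params.get("DeleteMessage") == "True",
            })
    return findings

if __name__ == "__main__":
    for f in suspicious_rules(SAMPLE_LOG):
        print(f"{f['time']} {f['user']} rule={f['rule']!r} -> {f['external_targets']} delete={f['deletes_copy']}")
```

Run against a real export, the two flagged rules (an external forward with DeleteMessage set, and a redirect to a domain you do not own) are exactly the ones to review with the user and disable; a legitimate internal forward such as the first record is left alone.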
Three things to do today — all free
Check your domain on Have I Been Pwned
Go to haveibeenpwned.com/DomainSearch and search for your company domain. This shows you which of your company email addresses appear in known breach databases. The domain search is free and requires a quick verification step to confirm you own the domain.
Enable MFA on Microsoft 365 for everyone
Even if a password is compromised, MFA stops the attacker from logging in. Go to your M365 admin centre → Entra ID → Properties → Manage Security Defaults → enable it. This single step blocks the vast majority of credential-stuffing attacks.
Brief your team: unique passwords for work accounts
The message is simple: the password for any work account must be unique and not used anywhere else. A password manager (Bitwarden is free and excellent) makes this practical. This is the root cause fix — MFA is the safety net, but unique passwords prevent the problem entirely.
What Niova's breach monitoring does
Checking Have I Been Pwned manually gives you a snapshot. Niova's breach monitoring service continuously watches dark web sources, breach aggregators, and credential dumps for your company's email addresses — and alerts you the moment a new exposure is found, before attackers can act on it.