HR & Payroll – When the company pays its employees, confidential information is shared with third-party companies such as ADP, Paychex and Ceridian. HR employees working on such online portals may be using credentials that are just a small variant of credentials used elsewhere. Once a password from another site is stolen and sold on the dark web, a hacker can then figure out the passwords used on these sites.
Email Services – We share lots of official and personal information over email services such as Gmail, Office and Yahoo. Those emails and the information they contain are not completely safe from hackers, and they can be used for criminal activities.
CRM – Companies often use customer relationship management (CRM) software to manage and analyze interactions with their current and potential customers. Sales and marketing folks are often not known for being technically savvy. The passwords they create on SaaS (Software as a Service) CRM portals like Salesforce could be figured out by much more technically savvy hackers. Cyber criminals can easily exploit this weakness to steal customer data.
Travel Services – Employees and companies use websites such as Expedia, Kayak or Orbitz for pleasure and business travel, and use their official credentials for bookings and payment. Those credentials may be just variants of the ones used on company systems for official purposes. Criminals often lure people with phishing emails to discover these credentials and then find their way into the company’s systems.
Communications – Most people use Verizon, AT&T, Sprint, and T-Mobile for their internet and wireless communication. Credentials sent over unencrypted emails and texts remain susceptible to being intercepted.
E-Commerce – It is not uncommon for people and even companies to shop online on websites such as Amazon, Office Depot, eBay or Staples. With online shopping, stolen credentials can lead to breaches of other systems.
Banking & Finance – With the spread of online banking, especially mobile banking, hackers come up with different ways to get people to give up their credentials. One easy way is through phishing emails that appear to come from a legitimate source. The email lures the user into clicking a link that leads to a website very similar in look and feel to the actual website, where the user is then expected to provide login credentials.
Collaboration – Employees are increasingly using online collaboration or cloud services to create and share work online. Services such as Dropbox and OneDrive are common, and hackers in many cases can exploit weak passwords used on such platforms.
Social Media – Facebook, Twitter, Instagram and LinkedIn are platforms with very high traffic, and people remain generally relaxed about security. Additionally, these are the most preferred websites for hackers to attack in order to get those credentials. The stolen credentials then lead to breaches in other areas where variants of such credentials may have been used.