Peeing in the Paddling Pool[1]
(or why your data breaches are screwing over our companies)

Cascading digital identity attacks[2] have been a real and present danger for several years now – the identity-based hacking of Mat Honan’s accounts was the first instance of this threat to be widely publicized, but is merely a high-profile version of what is becoming a normal threat … to all of us.

Major data breaches are becoming a weekly event. Damages resulting from a breach at some company other than yours are not limited to that company; they open doorways that threaten your customers, partners and employees.

While the details of the recent breach at Electronic Arts are still unclear, it appears that the breached accounts were exposed using digital identities, usernames and email addresses obtained in other breaches – the cascading attack led to the subversion of EA user accounts.

User information obtained via a data breach at TalkTalk in the UK was used in identity attacks on other companies even before the breach was announced, even though notification was apparently provided to customers within 36 hours.

When neighboring businesses expose consumer identities it will affect your company.

When you expose consumer identities it will affect neighboring businesses … more importantly, what we all do affects the only group of consumers there is.

Confyrm described a digital identity alert sharing system that protects user privacy and the brands of the companies that generate alerts. It provides real-time alerts that match the needs of online services to protect users from developing digital identity exposures … exactly the type of alerts we need to share to limit the impact of breaches on customers and other companies.

We all share a single group of consumers – there is only one paddling pool and we all play in it. When one of our customers is affected or exposed by our actions, they are the same customer that another online business depends on.

Sharing alerts that protect users by notifying other companies that share those users provides a significant tool in limiting the impacts of digital identity fraud.

It’s time to start sharing alerts that protect all of our identities …

Updated 11/2/15:

The breach at Vodafone reported in the last few days is being attributed to “email addresses and passwords acquired from an unknown source external to Vodafone.”


[1] Wading Pool, Kiddie Pool, … translate according to your local cultural norms…

[2] Identity information obtained at one site is used to progressively leverage access at additional sites with the intent of subverting a user’s high-value accounts.

