How to Use a Data Breach for User Verification

How to Use a Data Breach for User Verification

Author avatar

by Tamas Kadar

A data breach sounds like bad news for everyone, but there’s a silver lining when it comes to identity verification.

Every year sets a new record for the number of exposed records in a data breach. In 2020, the volume jumped by 141% with 37 Billion records lost.

Now, of course, this is bad news for the companies affected. Perhaps even more so for their users. It puts their accounts at risk and forces them to take preventive actions.

But we can also use that information judiciously to protect them. In fact, a data breach can actually inform processes like credit scoring with the right fraud prevention tool. Let’s see how it works in practice.

Have You Been Pwned?  

A growing number of companies, such as Firefox, allow you to check if your personal information has been compromised directly within their product.

But the go-to place for data leaks is undoubtedly, the number one website to find compromised information.

how haveibeenpwned shows if your email has appeared on a data breach
How HaveIBeenPwned shows if your email has appeared on a data breach

At a glance, it will let you see if your email has appeared in any data breaches, which ones, and will give you background information on the leak.

There is also a step by step guide of how to improve your own security (usually including paid sponsorships by password managers).

But it’s nevertheless interesting to see how people react once they have indeed been pawned.

What Happens After a Data Breach

The reason data breaches happen in the first place is that criminals can resell the information on the dark web. So that’s the first thing that will happen. 

You’ll come across huge data dumps, as they’re called, which are sold in bulk on shady internet forums. 

how accounts from data leaks appear on the dark web
How accounts from data leaks appear on the dark web

These account login details are used for account takeover (ATO attacks), or credential stuffing, where fraudsters attempt a combination of the email and password on numerous services. 

As a side note, this is why using slightly customised passwords for different services can backfire. If your Gmail password is passw0rd4Gmail, it’s easy enough to infer what it will be for LinkedIn.

If fraudsters do succeed in getting in, they will mine the accounts for personal details or, ideally, currency (crypto fiat and even bonus points).

Now if we switch over to the company that lost the data’s side, it will probably have to inform their users. This is especially true for European companies since the GDPR forces companies to publicly acknowledge when they’ve lost customer records.

Once the user is made aware of the leak, they tend to change their passwords – but not the email address. This is where it becomes interesting from a fraud management perspective.

Email Checks at the Signup Stage

When users sign up for your service, chances are they must provide an email address. We’ve previously covered the merits of an email analysis tool in another post, but in the context of data breaches, here’s the key takeaway:

  • An email address that appears on a data breach is likely from a legitimate user. It means the address is mature, and you may even be able to infer its age.
  • An email address that doesn’t appear on a data breach should be considered riskier. It may be freshly created, or even a throwaway.

Of course, this data point isn’t enough to accept or reject user signups. But when combined with other digital fingerprinting tools (such as finding social media accounts by email and reverse phone lookup) you can increase the precision of your risk scoring.

This is a tremendous advantage in modern credit scoring, where you need to calculate how risky a user is based on as little data as possible.

You can read more about how to reduce fraud with reverse email lookup here.

Email Checks at the Login Stage

Things get even more interesting at the login stage. One way to ensure only legitimate users get into their accounts would be to keep an eye out for the latest data breach news, and manually check if their login details have been leaked.

But there’s a smarter way to automate checks: using a combination of email analysis and device fingerprinting.

Put simply, here are examples of rules you could set up:

  • If the email has recently appeared on a data breach and the user seems to connect from a new device, you should increase the risk. This is highly likely pointing to an account takeover.
  • If the email has recently appeared on a data breach and the user is connecting from a trusted device, you could suggest a password change. It’s never a bad idea to educate users about the value of their accounts to prevent later damages.

You could even go into more sophisticated setups using velocity rules, for instance. If a user email appears on a data breach, logs into their account and makes a password reset request within a short timeframe: does it mean they are legitimate user worried about their accounts? Or an opportunistic fraudster? 

Only a previously installed device fingerprinting solution will help complete the full picture to reduce customer insult rate and improve security.

Leveraging Every Data Point for Identity Verification

In conclusion, you can see how a data breach can be a boon for fraud managers. It may seem counterintuitive, but sometimes, the work of cybercriminals can actually be employed against them.

Of course, this is just one weapon in your email profiling arsenal. You’ll also need to complete the picture using every tool at your disposal, such as IP analysis, device fingerprinting, and ideally custom rules specific to your industry.

SEON Intelligence Tool - Email Lookup screenshot
SEON Email Lookup Tool

Ready to get started? Click here to learn more about how SEON helps with data intelligence and automatic fraud detection.

Share article

See a live demo of our product

Click here

Author avatar
Tamas Kadar

Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.

Sign up to our newsletter