While employees may have moved on from your organization, their company issued credentials can still be active and valid within the third-party systems they used while employed. In many cases, the third-party systems or databases that have been compromised have been in existence for over 10 years, holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and third-party accounts that could be used for exploit.
0 Likes