Dark web password breaches: what Kiwi businesses should actually do
Speaking with Ryan Bridge on Herald Now, Paul Spain broke down findings from a New Zealand cyber security startup's dark web research, which turned up close to 200,000 active logins tied to New Zealand organisations already for sale online. The prices are almost beside the point: a Gmail login might fetch a few dollars, but stolen credentials are traded and reused in bulk, and Paul's central message was blunt: assume a password from someone in your organisation is already circulating in some form.
The practical advice held few surprises but is still routinely ignored: unique passwords for every login, multi-factor authentication switched on everywhere it's offered, a proper password manager instead of memory or sticky notes, and regular independent reviews rather than a one-off check. As Paul put it on air, most people and most businesses simply aren't consistent about the basics, and that inconsistency is exactly what gets exploited.