2017 Headlines

You Can’t Secure 100% of Your Data 100% of the Time
December 4, 2017 / Shuman Ghosemajumder, Harvard Business Review

“Investing in all the traditional security in the world to prevent your website from having vulnerabilities will not help if your users’ own bad habits of reusing passwords results in cybercriminals being able to log in to your application just like those users.”

Shape Security's Blackfish designed to combat credential stuffing attacks
November 30, 2017 / Nicole Laskowski, TechTarget

“What this creates is a data-driven defense network, which is constantly learning, constantly improving and capable of autonomously defending itself”

Uber Breach May Intensify Push for Federal Disclosure Rules
November 22, 2017 / Steven Norton, Wall Street Journal

“Being transparent with users and enforcing good operational practices is just as important as investing in security technology.”

The Emerging Threat of Cybercriminal AI
November 8, 2017 / Martin Giles, MIT Technology Review EmTech Conference

Shuman Ghosemajumder, CTO of Shape Security and MIT Technology Review’s Martin Giles discuss responsibilities that companies have towards protecting the sensitive personal information they hold about us.

Shape’s Blackfish could stop password thieves cold
November 8, 2017 / Seth Rosenblatt, The Parallax

“The economy of the Internet as a whole is suffering so that we can learn which passwords have been stolen. Because Blackfish can see all automated log-ins in real time, [it] can capture compromised usernames and passwords,” Sarah Squire says, “instead of buying them.”

Credential-stuffing defence tech aims to defuse password leaks
November 8, 2017 / John Leyden, The Register

“Credential stuffing only works because many users still use the same login details on multiple sites. This is a serious security risk that's only getting worse as the volume of data breaches rises.”

Shape Security Introduces BlackFish AI to Combat Credential Stuffing
November 7, 2017 / Sean Michael Kerner, eWEEK

“New technology uses a bloom filter computer science approach to help detect potentially breached passwords, before a breach is publicly disclosed.”

Bloomberg Markets: Ghosemajumder on Protecting Apps
November 7, 2017 / Carol Massar and Cory Johnson, Bloomberg Podcast

“GUEST: Shuman Ghosemajumder Chief Technology Officer Shape Security Discussing the launch of Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”

Shape Security introduces tool to blunt impact of stolen password caches
November 7, 2017 / Ron Miller, TechCrunch

“Today, the company released Blackfish, a product that could help blunt the impact of stolen password caches from massive breaches like Yahoo (the mother of all breaches), Adobe and Home Depot to name but a few examples.”

This 'pre-crime' AI bot network detects a hack before it's discovered
November 7, 2017 / Yahoo Finance

“Shape Security today launched Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”

Why Data Breach Stats Get It Wrong
October 26, 2017 / Shuman Ghosemajumder, Dark Reading

“It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.”

Five questions about the massive Equifax breach
Sept 9, 2017 / Joe Uchill, The Hill

“For years we’ve been educating people not to enter their personal information into sites they have never visited before to protect them from phishing,” said Shuman Ghosemajumder, chief technology officer of Shape Security. “And that’s exactly what the notification site asks people to do.”

Your social security number probably got leaked and that’s very, very bad
Sept 8, 2017 / Stan Horaczek, Popular Science

Shape CTO Shuman Ghosemajumder on Equifax breach: "You should probably act as though your data has been compromised."

Equifax Breach Puts Social Security Number at Center of Digital Identity Crisis
Sept 8, 2017 / Steve Rosenbush, Wall Street Journal

“...a profound implication for how we use SSNs throughout the country, as it is possible that as a result of this breach, the majority of adults’ SSNs are now compromised.”

The Morning Download: Global Cyberattacks Put Pressure on CISOs, CIOs
May 15, 2017 / Steve Rosenbush, Wall Street Journal

"...organizations should not act out the old adage that the CISO’s primary job is to get fired when something goes wrong, in this case."

Apple ransom highlights danger of credential stuffing
April 7, 2017 / Seth Rosenblatt, Parallax

"Credential-stuffing attacks are not rare. They account for more than 90 percent of the Internet traffic to log-in pages at major services, Shape Security’s Ghosemajumder says."

These Are the 50 Most Promising Startups You’ve Never Heard Of
March 6, 2017 / Ellen Huet, Bloomberg

"Quid looked at more than 50,000 companies and chose 50 it deemed the most promising."

Cloudflare Bug Spills Private Data Online
February 27, 2017 / Phil Muncaster, Infosecurity

"This incident has many people suggesting that everyone in the world should change all of their passwords immediately."

AI isn't just for the good guys anymore
February 1, 2017 / Maria Korolov, CSO Online

"Criminals are already using image recognition technology, in combination with "Captcha farms," to by-pass this security measure."

3+ billion credential breaches in 2016 – 2% success rate
January 24, 2017 / Ray Shaw, ITWire

"In 2011, while serving as deputy assistant secretary of defence at the Pentagon, Shape Security co-founder Sumit Agarwal observed a rising trend in the volume and complexity of automated attacks on Web and mobile applications. "

Credential-Stuffing Schemes Rely on Recycled Login Information
January 19, 2017 / Larry Loeb, Security Intelligence

"On most websites, users enter their email addresses in lieu of user IDs, so cybercriminals often need only to crack a victim’s password once to gain entry to several of his or her accounts."

Credential-Stuffing Attacks Take Enterprise Systems By Storm
January 17, 2017 / Ericka Chickowski, Dark Reading

"A study out today from Shape Security shows that it's common for credential-stuffing login attempts to account for more than 90% of all login activity on Internet-facing systems at Fortune 100 firms."

Credential Stuffing: a Successful and Growing Attack Methodology
January 17, 2017 / Kevin Townsend, Security Week

"Now consider credential stuffing. The term was coined by Shape Security co-founder Sumit Agarwal when he was serving as Deputy Assistant Secretary of Defense at the Pentagon."

Credential-stuffers enjoy up to 2% attack success rate - report
January 17, 2017 / John Leyden, The Register

"Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security."

Hacker Grabs Data on 1.5 Million ESEA Gamers, Demands 100K Ransom
January 10, 2017 / Kevin Townsend, Security Week

"According to figures from Shape Security, at least 11 gaming organizations suffered credential leaks last year."

Archived News: