Boyce, VA 22620

Winchester Virginia | High Compromised Credentials Count


Winchester Virginia Businesses Have Staggering Compromised Credentials Count

If that got your attention, it should. Especially if you are a business owner in the Winchester, Virginia area. So you still think cyber crime is something that only happens to big companies in big cities? Think again.

I know a lot of people will be angry at me for writing this but there are also those who take their businesses seriously and appreciate this kind of information.

The reason why I am reporting this is to make business owners aware of the dangers that are real and threaten the survival of their businesses. Keep reading to learn more about the sampling I personally took and the results that I found – they are truly disturbing.

I did a bit of research and found that there are over 11,500 businesses (Manta.com) that call our beautiful city their home. And who would blame them? Winchester is a beautiful city steeped in history, nestled in the northern Shenandoah Valley of Virginia. There is so much to do that is within minutes of the city. It is in the Virginia wine region and is also a haven for the equestrian business.

Back to the point …

I was somewhat surprised at the number of businesses located here, but what is more startling is the results I found when I ran a cursory scan of fewer than 300 businesses in the area. This was a scan of Dark Web resources advertising compromised user credentials for sale. These credentials often included plain text passwords accompanied by the user’s email address. The scan I ran searched the domain names and therefore only included email addresses associated with said domains. Rest assured, I did not run a comprehensive scan showing the individual email addresses; I only scanned for a total count per domain. Are you ready for this number? I bet you aren’t.

Here it is:

The number of scanned businesses is less than 2.5% of the total.

The total of compromised credentials is actually much higher because it was set to stop at 10,000 per domain.

The total count came out to more than 254,000!!!

What does the math show?

254,000 / 285 = more than 893 compromised credentials per company on AVERAGE in this sampling!

But let’s just even this out a bit. There were:

  • 83 that had more than 100 compromised records
  • 38 with more than 1000
  • 16 with more than 10,000

Kind of an eye-opener, wouldn’t you say?

These numbers include everything from every kind of business in the area. They range from animal hospitals to health care providers, from engineering firms to builders, transportation and shipping to investment firms and accountants.

Because I am kind of a numbers guy, I had to take it to the next step, and here are the numbers.

If we take the average of 893 (which, by the way, is low) and multiply by the number of businesses in Winchester, 11,500, we get a total compromised record count of 10,269,500. Remember, this is only for the 11,500 businesses located in Winchester, Virginia.

What does this mean, and what do these numbers mean to your business?

I would imagine that many business owners are startled and feel this is of concern, but unfortunately most admittedly know very little about technical stuff and hacking other than what they see on the news or are told by their IT provider or in-house IT team. What is even more unfortunate is they will ask those individuals what it means to their business. I say this is unfortunate because more often than not those people do not have the knowledge or training to address the subject.

Don’t get me wrong here. I believe the incumbent IT provider or in-house personnel are really caught between a rock and a hard place. I also believe they are good people who sincerely enjoy what they do. It is a tough job but at its root is very rewarding when you help people succeed at their jobs and businesses by doing yours. I know, I have been there. I also know that when I was serving in that role I would not have been qualified to address the subject intelligently. Many people would feel compelled to provide an answer because they felt it was their job to take care of it because they are the IT guy everyone counted on to fix their stuff when it broke and keep it running so they could successfully perform their jobs. Fortunately I was never put in that position.

Many in-house IT team members would likely give an opinion of such things with only enough knowledge to be dangerous. I know that many IT Service providers would do the same but I doubt many would admit it. So that creates a dilemma for the concerned business owner. They have a good relationship with their IT guy or at least they seem to keep things running. So they will tend to believe him because he likely knows more about it than the owner does. After all he is the one who is charged with doing that stuff, right?


If the business owner wants to get the truth about their cybersecurity posture, they need to go to a neutral third party. Forget about having a penetration test done. That would likely prove nothing. The best thing you can do is have a full security assessment done. It will tell you without a doubt what the truth really is. The reason they need to do this is that if they ask their IT provider or in-house IT staff to do this, they are really having the fox watch the hen house.

I know, however, that most business owners will go to the IT provider or IT guy and ask them anyway. If you are going to do this, I would suggest that when you are told they have it covered, you ask them for documentation and proof of their claims. For example:

  • Can they show you a clean report from a dark web scan of their domain that can be verified? Do you get a status monthly?
  • Can they show up-to-date stats on the effectiveness of their user cybersecurity training program?
  • Is the password policy enforced?
  • Are expired user accounts disabled as soon as the person exits the company?
  • Are admins using best practices when working on their systems? What are they?
  • Can they show all times when admins have accessed their systems?
  • Can they provide user logs that show when users are accessing the system and from where?
  • Why haven’t they discussed implementing MFA with you?
  • If they say they can provide you with these reports, let them know that you expect them to be provided to you specifically, within the next 24 hours.

If they balk or ask for more time, I would question their reasoning.

I know this may seem like a lot you would need to know as a business owner, and you are absolutely right. It is a lot. Cybersecurity is also a lot for your IT provider or in-house IT team to handle. That is where we can help. Our ONLY focus is making sure your cybersecurity solution is of the highest quality. Because we do not have any skin in the game of providing other services to you, our only motivation is to provide you with a truthful, no-holds-barred assessment that explicitly shows the good and the bad of your cybersecurity posture.

If you feel that you need help please do not hesitate to contact us.

Cybersecurity – it’s what we do – PERIOD!





