Data breach victims aren’t changing their passwords

A new study by academics from Carnegie Mellon University’s Security and Privacy Institute (CyLab) has revealed that only a third of users actually change their passwords after a data breach announcement.

The study, titled “(How) Do People Change Their Passwords After a Breach?”, is not based on responses from survey participants but on their actual browser traffic. To compile their study, the academics analyzed real-world web traffic collected by the university’s opt-in research group Security Behavior Observatory (SBO) which collected the full browser history of those who signed up for the purpose of academic research.

Source Article

Data breach victims aren’t changing their passwords

Data breach victims aren’t changing their passwords

A new study by academics from Carnegie Mellon University’s Security and Privacy Institute (CyLab) has revealed that only a third of users actually change their passwords after a data breach announcement.

The study, titled “(How) Do People Change Their Passwords After a Breach?”, is not based on responses from survey participants but on their actual browser traffic. To compile their study, the academics analyzed real-world web traffic collected by the university’s opt-in research group Security Behavior Observatory (SBO) which collected the full browser history of those who signed up for the purpose of academic research.

Source Article