Identity and Credential Theft in Collaboration Applications: A Growing Threat

Jeff Phillips, Code Siren, LLC

19 July 2023 - Post Quantum News


Collaboration applications (i.e., Zoom, Microsoft Teams, Slack, Discord, etc.) have become essential tools for businesses of all sizes. These apps allow teams to communicate and collaborate in real-time, regardless of location. However, collaboration apps also introduce new risks, including identity and credential theft.

The Threat Landscape

The threat landscape for identity and credential theft is constantly evolving. As collaboration apps become more popular, attackers are increasingly targeting these platforms. In 2021, for example, there were over 40 million data breaches (i.e., multiple breaches to most businesses), and the average aggregate data breach cost was $3.86 million per enterprise.

Collaboration Application Platforms are Treasure Trove for Attackers

Collaboration platforms are treasure troves for hackers, infostealers, and foreign adversaries seeking compromised credentials and IP to sell in cybercrime marketplaces or outright intellectual property theft. There are over 500 million credential-stuffing attacks performed every day. According to IBM, 20% of cybersecurity breaches are caused by compromised credentials, at an average cost of $4.37 million per instance.

Over 25% of the S&P 500 have exposed collaboration credentials for sale on the dark web in 2022 among the 26.6MM login credentials available. According to KELA, there are over 17,000 credentials - belonging to 12,000 different Slack enterprises for sale online via hacking forums like Genesis Marketplace, In The Box, Russian Market, and 2easy. Lastly, DarkOwl reports that there are over 500,000 Zoom accounts for sale.

The Impact of Identity and Credential Theft

The impact of identity and credential theft can be significant. In the context of collaboration apps, identity, and credential theft can lead to the following: Data theft: Attackers can use stolen credentials to access sensitive data, such as financial information, customer data, or intellectual property. Disruption of operations: Attackers can use stolen credentials to disrupt operations by deleting files, sending spam, or flooding the network with traffic. Other attacks: Attackers can use stolen credentials to launch further attacks, such as ransomware operations or distributed denial-of-service (DDoS) attacks.

How to Protect Your Company

There are several steps that you can take to protect yourself (and your enterprise) from identity and credential theft: Be careful about what links your employees click on and what attachments they open. Don't click on a link or attachment if you're unsure whether the link or attachment is legitimate. Use strong passwords and change them regularly. Your passwords should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Enable two-factor authentication (2FA). 2FA adds an extra layer of security to your accounts by requiring you to enter a code from your phone in addition to your password. Be aware of social engineering attacks. Attackers may trick you into giving up your personal information or clicking on a malicious link. Some social engineering attack operations last multiple years. Don't fall for these scams.

Self-Hosted Services: A Way to Reduce Effective Attacks and Secure Your Enterprise's Data

In addition to the steps mentioned above, businesses can reduce the risk of identity and credential theft by self-hosting collaboration apps. Self-hosting means that the app is hosted on the organization's servers rather than on a third-party provider's servers. This gives the organization more control over the security of the app, as well as the data that is stored on it.

There are numerous benefits to self-hosting collaboration apps. First, it can help to reduce the risk of data breaches. A third-party provider (i.e., Google, AWS, etc.) can access the stored data when an app is hosted on the third-party server. This means the data could be compromised if the provider is hacked. However, if an app is self-hosted, the organization is the only one with access to the data. This makes it much more difficult for attackers to access the data.

Second, self-hosting can help to improve performance. When an app is hosted on a third-party provider's servers, the provider may have to share those servers with other organizations. This can lead to performance issues, primarily if other organizations use the same app. However, when an app is self-hosted, the organization has dedicated servers. This means the app will always have the resources it needs to perform at its best.

Third, self-hosting can help to improvcome security compliance. If an organization is required to comply with specific security regulations, such as HIPAA or PCI DSS, self-hosting can help them to meet those requirements. This is because the organization will have more control over the app's security and the data stored on it.

Of course, there are also some challenges associated with self-hosting collaboration apps. First, it can be more expensive than using a third-party provider. Second, it requires more technical expertise to set up and maintain a self-hosted app. However, the benefits of self-hosting can outweigh the challenges for many organizations.

If you are considering self-hosting collaboration apps, there are many things you need to do to ensure that you are doing it securely. First, you need to choose a secure hosting provider. Second, you must implement security measures, such as strong passwords and two-factor authentication. Third, you need to regularly monitor the app for security vulnerabilities.


Identity and credential theft is a severe threat, but we have provided a number of steps that you can take to protect yourself and your enterprise. By following the tips above, you can help to keep your data secure and protect your proprietary intellectual property.


  • [1] Verizon, "2021 Data Breach Investigations Report."
  • [2] Identity Theft Resource Center, "Identity Theft Report."
  • [3] CISA, "Tips to Protect Yourself from Identity Theft."
  • [4] KELA, "Slack Credentials for Sale on Dark Web."
  • [5] DarkOwl, "Zoom Accounts for Sale on Dark Web."