An interesting announcement this month came from Shape Security, who have launched the Blackfish system to identify and block stolen credentials earlier in the lifecycle. The problem is a growing one, with in excess of 3 billion sets of credentials reported stolen last year.
According to the product website: “Instead of relying on stolen credentials to someday appear on the dark web, Blackfish identifies freshly stolen credentials by observing where sophisticated cybercriminals use them. Blackfish builds on Shape’s machine learning platform which autonomously detects credential stuffing attacks. As one of the largest processors of login traffic in the world, Shape protects the logins to the most valuable accounts that cybercriminals target with credential stuffing attacks, including the top banks, airlines, and retailers. Blackfish AI sensors are able to identify the usernames and passwords that are used in those attacks and then invalidate those credentials across our customer network.”
You can view more information here: https://blog.shapesecurity.com/2017/11/07/introducing-blackfish-a-system-to-help-eliminate-the-use-of-stolen-passwords/