Experts comment on record 772mil-user data breach

21 Jan 2019

Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details has been leaked on the dark web.

Dubbed “Collection #1”, the data set contains over a billion unique combinations of email addresses and passwords.

In total, the unique email addresses compromised in the data breach came up to over 772 million.

Users can check Hunt’s website, Have I Been Pwned, to see if their email address and associated password have been compromised in the data dump.

The data appears to have been collected from a number of different sources.

McAfee Asia-Pacific chief technology officer Ian Yip says, “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks.

“Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.

“It’s prudent for citizens to act fast and defend themselves. With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim.

“As an immediate next step, passwords need to be changed. If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.

“Once your password is in the hands of a cybercriminal, they can gain access to personal and even financial information by painting a ‘picture’ of you. This is yet another alarming wake-up call for people who do not place importance on their online privacy, security and data protection. Cyber resilience must remain a high priority goal for organisations and citizens.”

OneSpan security solutions director and security evangelist Will LaSala says, “This is a colossal breach. Those impacted should act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across multiple other accounts.

“And with criminals trading assets in underground forums, data from this breach could easily be cross-referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.

“If this doesn’t highlight the need for security reach beyond the password, then not much else will. We should know by now that using a combination of multiple, layered authentication technologies gives companies, and users, the best chance.

“Banks especially should be upgrading their authentication procedures to more intelligent methods to mitigate the fraud risk in the aftermath of attacks such as this. This technology should combine multiple authentication techniques, whether that’s fingerprints, behavioural biometrics or one-time passwords.”

Callsign CMO and go-to-market strategy head Sarah Whipp says this case is just another example in a long list of hacks which prove that the outdated password is no longer fit for purpose.

“The Collection #1 database is just another nail in the coffin for the traditional password. Not even a ‘strong’ password can keep your data safe if it’s freely available on the dark web.

“While we have come on leaps and bounds in terms of biometric authentication technology which has helped improve the protection of our identities online, the ability to collect sufficient biometric data tends to be quite difficult and consequently, it is also not 100% secure.
