1 Billion Email And Password Combinations Leaked – Expert Comment

By ISBuzz Team
Writer, Information Security Buzz | Dec 13, 2019 04:38 am PST

Over one billion email and password combinations were leaked online by an unnamed party, giving bad actors the information necessary to conduct countless credential stuffing or other spam campaigns. The unsecured database primarily features emails from Chinese domains, as well as numerous Gmail and Yahoo addresses.

Stuart Reed, UK Director
InfoSec Expert
December 13, 2019 12:43 pm

While the news of another unsecured server is concerning, the immediate worry here is how many passwords and emails are now readily available for criminals to exploit, in all kinds of attacks. For example, with passwords stored in plain text, they can relatively easily be used in credential stuffing attacks. On top of this, it took several days for the server to be secured again, gifting criminals with ample time to gain access to the information.

All organizations need to ensure that at the very least they are encrypting sensitive information. Beyond this, there should be a multi-layered approach, where staff are educated and there is analysis at multiple layers of the security stack to identify threats and malicious behaviour. Network detection and response is vital for a holistic view and the ability to mitigate the damage of an attack fast. What’s more, in this situation, consumers should now be updating and changing their passwords to ensure they mitigate their own risk.
