https://twitter.com/RedySeguridad/status/1096370046115360768
Following the news that a collection of 127 million accounts has been found for sale on the Dark Web, Corin Imai, Sr. Senior Security Advisor at DomainTools commented below.
Corin Imai, Sr. Senior Security Advisor at DomainTools:
It is encouraging, though, that YouNow – listed by criminals as one of the breached firms – has investigated the claim and has found its accounts to be secure. This means that not all the credentials listed on Dream Market are necessarily genuine. Nonetheless, the sheer number of compromised accounts that have been put up for sale would allow for credential stuffing or phishing attack on a large scale. Customers should immediately change the passwords to their most sensitive accounts, should they have used the same on one of the breached websites. Criminals rely on users privileging comfort over security: a single password for every account is easier to remember, but creates a ripple effect of compromised accounts: criminals could gain access to financial information and even, in certain cases, accomplish identity theft.
As always, the best way in which users can safeguard the security of their accounts is to choose strong, unique passwords for each of their accounts, and to enable multifactor authentication wherever possible.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.