1 Billion Email And Password Combinations Leaked – Expert Comment

Over one billion email and password combinations were leaked online by an unnamed party, giving bad actors the information necessary to conduct countless credential stuffing or other spam campaigns. The unsecured database primarily features emails from Chinese domains, as well as numerous Gmail and Yahoo addresses.

1 Expert Comment
Stuart Reed, UK Director
InfoSec Expert
December 13, 2019 12:43 pm

While the news of another unsecured server is concerning, the immediate worry here is how many passwords and emails are now readily available for criminals to exploit, in all kinds of attacks. For example, with passwords stored in plain text, they can relatively easily be used in credential stuffing attacks. On top of this, it took several days for the server to be secured again, gifting criminals with ample time to gain access to the information.

All organizations need to ensure that at the very least they are encrypting sensitive information. Beyond this, there should be a multi-layered approach, where staff are educated and there is analysis at multiple layers of the security stack to identify threats and malicious behaviour. Network detection and response is vital for a holistic view and the ability to mitigate the damage of an attack fast. What’s more, in this situation, consumers should now be updating and changing their passwords to ensure they mitigate their own risk.

Last edited 2 years ago by Stuart Reed
Information Security Buzz