1 Billion Email And Password Combinations Leaked – Expert Comment

Over one billion email and password combinations were leaked online by an unnamed party, giving bad actors the information necessary to conduct countless credential stuffing or other spam campaigns. The unsecured database primarily features emails from Chinese domains, as well as numerous Gmail and Yahoo addresses.

Expert Comments

December 13, 2019
Stuart Reed
UK Director
Orange Cyberdefense
While the news of another unsecured server is concerning, the immediate worry here is how many passwords and emails are now readily available for criminals to exploit, in all kinds of attacks. For example, with passwords stored in plain text, they can relatively easily be used in credential stuffing attacks. On top of this, it took several days for the server to be secured again, gifting criminals with ample time to gain access to the information. All organizations need to ensure that at the very least they are encrypting sensitive information. Beyond this, there should be a multi-layered approach, where staff are educated and there is analysis at multiple layers of the security stack to identify threats and malicious behaviour. Network detection and response is vital for a holistic view and the ability to mitigate the damage of an attack fast. What’s more, in this situation, consumers should now be updating and changing their passwords to ensure they mitigate their own risk.