Experts On Seller Floods Hacker Forum With Data Stolen from 14 Companies

A data breach broker is reportedly selling databases containing user records for 14 different companies that they claim were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers use data breach brokers to sell them on their behalf. Over the past month, a known and reputable data breach broker has been selling numerous databases on hacker forums that they state were acquired in data breaches conducted in 2020.

Experts Comments

July 01, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Details around how and when these breaches occurred are unclear. Many of the 14 companies listed haven't disclosed a breach, so it's difficult to determine the reliability of the data. However, if the breaches are correct, then this data gives a treasure trove of information to criminals who can use these usernames and passwords to launch credential-stuffing attacks or use the information to send phishing emails. It is why it's important that organisations offer 2FA to users, so that if their password is breached or guessed, an attacker cannot gain access to their account. Similarly, users should avoid reusing the same password across different sites and be wary of unsolicited emails asking for data or payment. Worryingly, we can only expect the number of records traded on underground forums to keep on increasing - even with ransomware attacks, criminals are increasingly trying to exfiltrate authentication data that can be sold on to increase their profit on each attack.
July 01, 2020
Jamie Akhtar
CEO and Co-founder
CyberSmart
These databases highlight how far-reaching and insidious data breaches can be. It is possible a company may not even know they were breached when they appear on these lists and yet they become even more vulnerable when they are. These breaches are not just large companies. Anyone can be a victim to a cyber attack and following basic cyber hygiene is especially important for those small businesses without their own IT teams. Utilizing strong passwords and multi-factor authentication, enabling firewalls, knowing the signs of a phishing email, and keeping software up to date can all go a long way in preventing a breach.
July 01, 2020
Dr. Anton Grashion
EMEA Director
Corelight
Anyone whose details are included in this database of stolen credentials should obviously reset their passwords as a minimum response. It once again highlights that we need organisations to tackle the problem of malicious actors lurking undetected in their systems for significant periods of time. The sooner suspicious activity is detected, the less time a hacker will have to exfiltrate sensitive information and user credentials. It has become paramount for modern enterprises to accept that “prevention eventually fails”, which makes the rapidity and accuracy of detection and response measures come to the forefront of a successful security strategy, and one of organisations’ best options for preventing their name ending up in the next data breach headline.
June 30, 2020
Trevor Morgan
Product Manager
comforte AG
A data breach occurs. Information is extracted and sold. Potentially compromised data puts companies at risk for litigation, regulatory scrutiny, and reputational damage. Everybody is on edge anticipating the worst while hoping for the best possible outcome, while customers are wary and reticent to give out personal information in the future. It’s a common pattern with a very simple solution for any organization wanting to improve their security posture—redouble efforts to protect the data itself along with the perimeter, access points into the data environment, and user identity verification. Take a more data-centric approach to security. By tokenizing sensitive data as soon as it is created, captured, or housed—a method which replaces that data with benign tokens with no inherent meaning—and then by following a tight policy of never (or rarely) detokenizing it within data workflows, businesses can rest a bit easier knowing that unauthorized access to the data will not result in any extracted meaning or compromised individuals or the business itself.
June 30, 2020
Paul Bischoff
Privacy Advocate
Comparitech
The most telling part of this dump is that 10 out of the 14 companies involved had not disclosed any data breaches prior. Those companies might not have known about the data breaches, or they might have been keeping it a secret. Depending on what country they're operating in, they might not be required to publicly disclose data breaches. Either way, the failure to announce data breaches and inform users before the data is dumped puts all of those users at greater risk of credential stuffing and phishing. The companies must now race against hackers to alert users who will likely face targeted phishing messages and account takeover attempts. Given that all of the data is reportedly from 2020, most of the information contained is still valid, making it more valuable to cyber criminals.
June 30, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
The sale of data from data breaches underscores the need for online users to use unique passwords on each and every one of their accounts. Password reuse opens the door to having even a single data breach open the door to having all of a user's accounts violated.
June 30, 2020
Chris Rothe
Co-founder and Chief Product Officer
Red Canary
It's sad that stories like this, where 100 million user records were leaked, barely make the news these days due to how common they are, but that is the world we live in. It just goes to show that the marketplace for stolen credentials is alive and well despite everything we've done to protect data and disrupt attackers.
June 30, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Details around how and when these breaches occurred are unclear. Many of the 14 companies listed haven't disclosed a breach, so it's difficult to determine the reliability of the data. However, if the breaches are correct, then this data gives a treasure trove of information to criminals who can use these usernames and passwords to launch credential-stuffing attacks or use the information to send phishing emails. It is why it's important that organisations offer 2FA to users, so that if their password is breached or guessed, an attacker cannot gain access to their account. Similarly, users should avoid reusing the same password across different sites and be wary of unsolicited emails asking for data or payment. Worryingly, we can only expect the number of records traded on underground forums to keep on increasing - even with ransomware attacks, criminals are increasingly trying to exfiltrate authentication data that can be sold on to increase their profit on each attack.