News broke yesterday that the Royal Canadian Mounted Police (RCMP) has charged a Canadian man for trafficking in identity information, mischief to data, unauthorized use of a computer, and possession of property obtained by crime. The 27-year-old Jordan Evan Bloom of Thornhill, Ontario is behind the notorious LeakedSource.com that compiled public data breaches and sold access to this data, including passwords in cleartext. Ryan Wilk, Vice President at NuData Security commented below.
Ryan Wilk, Vice President at NuData Security:
“The fact that these kinds of services are so readily available to cybercriminals should be indication enough to organizations and consumers that passwords and usernames are virtually useless when attempting to keep us safe online. Easily cracked by social engineering or, as we’ve seen in this case, readily available online in plain text, anyone with even trace elements of knowledge regarding cybercrime could potentially gain access to your valued accounts. While the dismantling of Leakedsource.com is undoubtedly a positive step; this simply leaves a gap in the market for another cybercriminal to fill. The only foolproof solution to this issue is for companies to embrace more stringent security measures to authenticate legitimate customers – taking the value away from the stolen data.
Multi-layered solutions that include passive biometrics identify the legitimate users by looking at their behavior. Inherent patterns such as how someone holds the phone, types, or navigates on a site are unique to each of us and impossible to replicate by a third party. Implementing these new technologies will protect customers from these data breach archives that will inevitability keep appearing.”