
Experts comment on record 772mil-user data breach

21 Jan 2019

Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest-ever database of breached login details has been leaked on the dark web.

Dubbed “Collection #1”, the data set contains over a billion unique combinations of email addresses and passwords.

In total, the unique email addresses compromised in the data breach came up to over 772 million.

Users can check Hunt’s website, Have I Been Pwned, to see if their email address and associated password have been compromised in the data dump.

The data appears to have been retrieved from a number of different sources.

McAfee Asia-Pacific chief technology officer Ian Yip says, “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks.

“Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.

“It’s prudent for citizens to act fast and defend themselves. With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim.

“As an immediate next step, passwords need to be changed. If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.

“Once your password is in the hands of a cybercriminal, they can gain access to personal and even financial information by painting a ‘picture’ of you. This is yet another alarming wake-up call for people who do not place importance on their online privacy, security and data protection. Cyber resilience must remain a high priority goal for organisations and citizens.”

OneSpan security solutions director and security evangelist Will LaSala says, “This is a colossal breach. Those impacted should act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across multiple other accounts.

“And with criminals trading assets in underground forums, data from this breach could easily be cross-referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.

“If this doesn’t highlight the need for security reach beyond the password, then not much else will. We should know by now that using a combination of multiple, layered authentication technologies gives companies, and users, the best chance.

“Banks especially should be upgrading their authentication procedures to more intelligent methods to mitigate the fraud risk in the aftermath of attacks such as this. This technology should combine multiple authentication techniques, whether that’s fingerprints, behavioural biometrics or one-time passwords.”

Callsign CMO and go-to-market strategy head Sarah Whipp says this case is just another example in a long list of hacks which prove that the outdated password is no longer fit for purpose.

“The Collection #1 database is just another nail in the coffin for the traditional password. Not even a ‘strong’ password can keep your data safe if it’s freely available on the dark web.

“While we have come on leaps and bounds in terms of biometric authentication technology which has helped improve the protection of our identities online, the ability to collect sufficient biometric data tends to be quite difficult and consequently, it is also not 100% secure.
