Story image

Experts comment on record 772mil-user data breach

21 Jan 2019

Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details have been leaked on the dark web.

Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.

In total, the unique email addresses compromised in the data breach came up to over 772 million.

Users can check Hunt’s website, Have I Been Pwned, to see if their email address and associated password have been compromised in the data dump.

The data breach appears to have been retrieved from a collection number of different sources.

McAfee Asia-Pacific chief technology officer Ian Yip says, “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks.

“Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.

"It’s prudent for citizens to act fast and defend themselves. With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim.

"As an immediate next step, passwords need to be changed. If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.

"Once your password is in the hands of a cybercriminal, they can gain access to personal and even financial information by painting a ‘picture’ of you. This is yet another alarming wake-up call for people who do not place importance on their online privacy, security and data protection. Cyber resilience must remain a high priority goal for organisations and citizens.”

OneSpan security solutions director and security evangelist Will LaSala says, “This is a colossal breach. Those impacted should act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across multiple other accounts.

“And with criminals trading assets in underground forums, data from this breach could easily be cross-referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.

“If this doesn’t highlight the need for security reach beyond the password, then not much else will. We should know by now that using a combination of multiple, layered authentication technologies gives companies, and users, the best chance.

“Banks especially should be upgrading their authentication procedures to more intelligent methods to mitigate the fraud risk in the aftermath of attacks such as this. This technology should combine multiple authentication techniques, whether that’s fingerprints, behavioural biometrics or one-time passwords.

Callsign CMO and go-to-market strategy head Sarah Whipp says this case is just another example in a long list of hacks which prove that outdated password is no longer fit for purpose.

“The Collection #1 database is just another nail in the coffin for the traditional password. Not even a ‘strong’ password can keep your data safe if it’s freely available on the dark web.

“While we have come on leaps and bounds in terms of biometric authentication technology which has helped improve the protection of our identities online, the ability to collect sufficient biometric data tends to be quite difficult and consequently, it is also not 100% secure.

Gartner recognizes Huawei's data center networking expertise
The Gartner Peer Insights Customers’ Choice analyzes more than 200,000 reviews across more than 300 markets posted to Gartner Peer Insights. 
How Huawei aims to enhance IP networks
'We believe that the intelligent IP networks built with the four-engine series products can continuously empower users with business intelligence."
Partnership brings next-gen edge internet services to Chicago
The edge solutions will primarily be delivered through New Continuum’s West Chicago NAP data center, which is also a convergence point for optical and logical networks.
Earth Day 2019: How tech firms can support our planet's wellbeing
Six industry experts explain how they - and other tech organisations - can positively contribute to the wellbeing of our earth.
University of Kansas becomes lead agency for Kansas State Data Center program
The University of Kansas’ Institute for Policy and Social Research (IPSR) is now the lead agency for Kansas' State Data Center Program.
Dell EMC’s six server market trends
As the evolution of cloud-based computing continues, it is important to know what’s ahead to stay ahead of the market.
Park Place Technologies hires new EMEA managing director
Post-warranty data centre maintenance company Park Place Technologies has recruited Sean Sears as its new managing director for Europe, the Middle East and Africa.
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.