Following one of the world’s largest cyber attacks, the most comprehensive database of emails and passwords ever recorded has been posted up for sale on the dark web. The collection of email addresses and passwords has been dubbed “Collection #1”, which, true to its name represents the largest data dump of sensitive data we’ve ever seen published.
We’ve provided links to websites you that will allow you check whether or not your email and or password has been compromised down below.
Troy Hunt, cybersecurity guru and founder of the ‘Have I been Pwned’ website first broke news of the database on his blog, which was found lurking on the dark web.
On his blog, Mr Hunt wrote: “Collection #1 is a set of email addresses and passwords totally 2,692,818,238 rows. It’s made up of many different individual data breaches from literally thousands of different sources.”
“Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts… In other words, people take lists like these that contain our email addresses and passwords then they attempt to see where else they work."
“The success of this approach is predicted on the fact that people reuse the same credentials on multiple services.”
Ian Yip, McAfee’s Asia-Pacific chief technology officer says the that the “incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks.”
“Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.”
Mr Hunt’s website Have I Been Pwned allows you to input your email address, and determine whether or not you’ve been hacked; click here to check.
“Cyber resilience must remain a high priority goal for organisations and citizens.”
According to Kai Ping Lew of IT Brief, “in total, the unique email addresses compromised in the data breach came up to over 772-million.”
“Once your password is in the hands of a cybercriminal, they can gain access to personal and even financial information by painting a ‘picture’ of you. This is yet another alarming wake-up call for. People who do not place importance on their online privacy, security and data protection." Lew concluded.
The latest hack and data dump represents the world's largest trove of critically sensitive information listed online... that we know of. The news acts to strengthen the argument implementing top-notch security protocols for your professional and personal email accounts, as well as passwords.
All of the above are driven home by ISO 27001's desired outcomes, and will help you and your business to remain safe in the increasingly hazardous digital landscape.