Data Breach Warning
A second major data dump has hit the dark web in as many weeks and Australian businesses are being strongly urged to check whether they’ve fallen victim.
The so-called Collection #1 data dump two weeks ago redefined ‘big’ as far as data breaches go. More than 770 million account details were stolen.
Then just last week came confirmation of a second and even bigger data leak dubbed Collection #2-5.
Estimates put the total of these two breaches at 2.2 billion email addresses and associated passwords. That’s equal to about 30% of the world’s population.
Why should Australian businesses be concerned?
Leaked credentials leave people vulnerable to account hijacking across all services where they reuse or recycle their usernames and passwords.
Unfortunately, this can include accounts they use for work purposes, meaning that they also put their employers at serious risk by reusing the same login passwords.
The leaked details from the two breaches are expected to find their way into the stream of malicious bot traffic that uses credential stuffing techniques to exploit accounts. Credential stuffing, as the name suggests, is where known email addresses and passwords are tried at multiple sites and services to find where the same credentials are used across business and personal accounts.
How to check if you’ve been affected?
The original Collection #1 data dump two weeks ago was painstakingly filtered and entered into the Have I Been Pwned service, which lets you enter your email address and check if your details have been breached.
The latest Collection #2-5 dumps have been compiled into the Info Leak Checker at Germany’s Hasso Plattner Institute, where individuals and businesses can determine if they’ve been compromised.
Think Technology Australia advises any business to follow best practices in authenticating users, starting with a proactive approach to identifying suspicious logins.
Security technologies like data loss prevention (DLP), multi-factor authentication (MFA), and data encryption are much more effective than just basic password protection.
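One way to take the proactive approach to identifying suspicious logins is to look for the credential stuffing pattern described above in authentication logs. The following is an added example, not code from Think Technology Australia or the services named here; the log format, addresses, accounts and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-02-01T09:00:01 203.0.113.7 alice@example.com FAIL
2019-02-01T09:00:01 203.0.113.7 bob@example.com FAIL
2019-02-01T09:00:02 203.0.113.7 carol@example.com OK
2019-02-01T09:00:02 203.0.113.7 dave@example.com FAIL
2019-02-01T09:00:03 203.0.113.7 erin@example.com FAIL
2019-02-01T09:00:03 203.0.113.7 frank@example.com FAIL
2019-02-01T09:05:10 198.51.100.20 grace@example.com FAIL
2019-02-01T09:05:25 198.51.100.20 grace@example.com FAIL
2019-02-01T09:05:40 198.51.100.20 grace@example.com OK
2019-02-01T09:10:00 192.0.2.10 alice@example.com OK
2019-02-01T09:11:00 192.0.2.10 bob@example.com OK
2019-02-01T09:12:00 192.0.2.10 dave@example.com OK
2019-02-01T09:13:00 192.0.2.10 erin@example.com OK
2019-02-01T09:14:00 192.0.2.10 frank@example.com OK
"""

def parse(log):
    """Yield (ip, account, succeeded) per well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def flag_stuffing(log, min_accounts=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    A user who forgot a password fails repeatedly on ONE account; a shared
    office address reaches many accounts but rarely fails. Stuffing does both.
    """
    by_ip = defaultdict(list)
    for ip, account, ok in parse(log):
        by_ip[ip].append((account, ok))
    flagged = {}
    for ip, events in by_ip.items():
        accounts = {a for a, _ in events}
        fail_ratio = sum(not ok for _, ok in events) / len(events)
        if len(accounts) >= min_accounts and fail_ratio >= min_fail_ratio:
            flagged[ip] = {
                "accounts": len(accounts),
                "fail_ratio": round(fail_ratio, 2),
                # A success from a flagged source means a leaked password worked.
                "needs_reset": sorted(a for a, ok in events if ok),
            }
    return flagged
```

Accounts listed under `needs_reset` logged in successfully from a flagged source, so they are the ones to lock and reset first.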