620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
Dubsmash, Armor Games, 500px, Whitepages, ShareThis, and more said to be up for grabs for $$$s in BTC
According to Chris DeRamus, CTO, DivvyCloud, “The massive troves of data that have been exposed in recent breaches should be a wake-up call for users to tighten up their password practices to avoid being victimized further by bad actors engaging in credential stuffing attacks. Using password managers to monitor login credentials over the abundance of websites users frequent as well as enabling 2FA when possible are both excellent ways to deter hackers from compromising your accounts. However, the responsibility for the security of consumers’ information belongs to the companies entrusted with it. Organizations must balance their use of modern technologies (i.e. public cloud, containers, hybrid infrastructure, etc.) that are essential for maintaining a competitive market stance with the need for proper security controls. Leveraging automated security solutions that allow for seamless and continuous policy enforcement provides companies with the framework to successfully reduce risk and maintain compliance across their entire environment.”
Terry Ray, senior vice president and Imperva fellow, added, “Companies beware! Depending on your source, somewhere between 25% and 70% of employees reuse passwords. Sadly, that’s a very large range on a topic that is so critical to corporate and personal security. I believe what it tells us is nobody knows how often people reuse passwords, but it’s likely very high and many people will claim not to reuse passwords when in fact they do. I personally think closer to 100% of people reuse passwords at some point.
Typically, humans will find a scheme to follow when selecting passwords, such as referencing song lyrics, nursery rhymes, common phrases, places, friends’ and family members’ names, etc. At some point they get back around to the beginning, and start recycling passwords. Furthermore, people typically use the same scheme at work and at home. Again, companies beware. 617 million usernames and passwords are available, and some of your employees or the passwords they’ve previously chosen are likely in the mix.
Security tokens, multi-factor authentication and other means will help corporations. For the individuals, please use these security measures, change your password, and change your scheme. It’s a good idea to change schemes every once in a while anyway to get out of a repeating list of passwords.”