Once again, a reminder: 2019 only began 21 days ago. Yet the Collection #1 data breach already clouded the optimism that typically accompanies the New Year.
One of the most worrying data leaks in history, the Collection #1 data breach compromised 773 unique email addresses and 21 million unique passwords in a place where hackers could easily obtain it. Cybersecurity professionals continue to investigate the full ramifications of this massive security compromise, which remain uncertain.
However, the editors at Solutions Review feel confident that, without enterprises recognizing the threat and making significant identity management adjustments, the Collection #1 data breach will prove the tip of the cybersecurity iceberg.
To gain more perspective on the Collection #1 data breach, we consulted with 4 cybersecurity experts from top solution providers. Here’s what we learned:
Javvad Malik, Security Advocate, AlienVault
“Collection #1 is a massive dataset of compromised credentials across many different breaches. It goes to show the magnitude of the breaches and how the cumulative effect is quite devastating. It serves as a reminder about the risks that come with reusing passwords, and how using email addresses as an identifier can compromise individual privacy.”
“The silver lining is that companies can use the data from Collection #1 to enrich their detection capabilities by proactively looking at credential stuffing attacks and blocking users from reusing passwords that have been compromised.”
Carl Wright, CCO, AttackIQ
“In terms of volume, this leak is second only to Yahoo’s 2013 data breach that compromised three billion accounts. This immense exposure of unique combinations of email addresses and passwords can unfortunately be used by threat actors for the purposes of credential stuffing, which is the automated injection of compromised username and password combinations to gain unauthorized access to user accounts. And since so many individuals use the same passwords for numerous accounts, this approach is quite often successful.”
“For individuals who want to mitigate the chances of any of their accounts being compromised, there are a few steps to take. First, never reuse passwords. Instead, get a password manager to help keep track of all your different account passwords. Additionally, enable app-based two-factor authentication whenever possible.”
“For organizations, it is always far more efficient to continuously validate your current security measures rather than recovering from a breach of company or user data. Cybercriminals can wreak as much havoc easier than ever, especially since the attack surface is larger today than it has ever been.”
Raj Samani, Chief Scientist, McAfee
“This is scary but unfortunately, unsurprising. Hundreds of millions of people are still at risk of a multitude of vulnerabilities, created by sophisticated cybercriminals who are driven by monetary gain.”
“People need to act fast and defend themselves. With such a high volume of personal data being discovered, nobody can assume they haven’t been caught up in this. Passwords need to be changed immediately. If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.”
“As soon as a cybercriminal has their hands on a password, they can gain access to your personal and even financial information by painting a ‘picture’ of you. This is a typical case of ‘fail to prepare, prepare to fail’ and should be the alarming wakeup call for people who do not place importance on their online security and data protection.”
Stephen Cox, VP & Chief Security Architect, SecureAuth
“Mounting evidence points at stolen credentials being involved in the vast majority of breaches, and there is no sign of this trend slowing down. More focus needs to be put on advanced authentication techniques to improve organizations’ security posture in this threat landscape, and minimize the potential impacts of these types of data breaches.”
“Far too many organizations are relying on approaches that have simply been proven ineffective against modern attackers, and they must be careful to not develop a false sense of security even when they’ve adopted vanilla two-factor authentication. These types of breaches will continue to proliferate unless organizations up their game for their employees and their customers, implementing multi-factor and adaptive authentication to render stolen credentials useless to an attacker.”
Thanks to these experts for their time and commentary on the Collection #1 data breach. To learn more about the Collection #1 data breach, see our initial article covering the event.