Join our followers
Billions of stolen credentials from defunct breach index site leaked online
Thursday, November 5, 2020
Although only recently coming to the attention of the media, the data trove appears to have been available on various forums since Cit0day closed down in September. The existence of the leaked data was first mentioned on Raid Forums Sept. 14.
Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE that the major incident that will serve as rocket fuel to password reuse attacks and disastrous data breaches.
“Most organizations cannot centralize their identity management and authentication efforts given that a considerable amount of their data is processed or stored by third parties, let alone legacy or shadow systems,” he explained. “Cybercriminals are well aware of this and, prior to launching a lengthy and expensive frontal attack, will silently try to reuse previously stolen credentials of employees, suppliers and trusted third parties.”
Kolochenko said the leak will inevitably have a major impact on nearly all large organizations around the globe since it likely contains valid credentials from some of their production systems. “Security leaders should urgently ensure they have holistic visibility over their data storage and processing, a properly implemented third-party risk management program and a continuous enforcement of security controls by all third parties with privileged access to their systems or data,” he said. Read Full Article
SiliconANGLE: Customer payment data stolen from precious metals trader JM Bullion
SC Media: Patch takeover: App developers, like WordPress, left to weigh backlash of forced security updates
