Billions of stolen credentials from defunct breach index site leaked online

By Duncan Riley for SiliconANGLE
Thursday, November 5, 2020

Although only recently coming to the attention of the media, the data trove appears to have been available on various forums since Cit0day closed down in September. The existence of the leaked data was first mentioned on Raid Forums Sept. 14.

Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE that the major incident will serve as rocket fuel to password reuse attacks and disastrous data breaches.

“Most organizations cannot centralize their identity management and authentication efforts given that a considerable amount of their data is processed or stored by third parties, let alone legacy or shadow systems,” he explained. “Cybercriminals are well aware of this and, prior to launching a lengthy and expensive frontal attack, will silently try to reuse previously stolen credentials of employees, suppliers and trusted third parties.”

Kolochenko said the leak will inevitably have a major impact on nearly all large organizations around the globe since it likely contains valid credentials from some of their production systems. “Security leaders should urgently ensure they have holistic visibility over their data storage and processing, a properly implemented third-party risk management program and a continuous enforcement of security controls by all third parties with privileged access to their systems or data,” he said.

