I’m becoming immune to the huge numbers involved in a data breach. The latest big number is 711 million. That’s how many email addresses and passwords were discovered on an unsecure server that was used for a spambot called Onliner. Onliner is sending spam to deliver the Ursnif banking malware, and more than 100,000 systems have already been infected.
This story has a lot of disturbing aspects. There is the massive volume of stolen emails spreading malware. There is the fact that those emails and passwords are exposed again for more theft because the server is unsecure. Also, as Christian Lees, CTO and CSO with InfoArmor, told me in an email, we need to consider other points:
There is evidence of a significant amount of speculative data, yet also the potential for meaningful amounts of pre-breached data from existing aggregation. Threat actors continue to expand their methods to potentially mainstream or expand their revenue streams. Continuous large data disclosures of this type, with potentially unverifiable data sources and targets, increase alert fatigue for security professionals. Also - this is another reminder that threat actors also live the dual-edge sword of security.
Apparently, many of the stolen credentials came from other large data breaches, such as the LinkedIn hack. On the positive side, as TechRepublic pointed out, not all of those stolen emails and passwords are legitimate or even usable. But the downside is that it is yet another situation showing how smart the bad guys are getting, as this treasure trove showed how they are able to avoid spam filters to get that malware directly into your inbox. We should also be worried that the hackers have so much information and aren’t doing anything to protect it, said Jonathan Sander with STEALTHbits Technologies, who added in an email comment:
Some may think the bad guy has no motivation to protect our data, but they do. The amount and how well enriched their data set is becomes their competitive advantage in a crowded black market. Just like people using Google more than other search engines because of their huge reach, the black market has brands that stake their reputation on having the biggest database of quality, stolen data. To see that even with such financial motivation they are failing to secure their ill-gotten goods is disheartening.
What can you do if your email and password have been compromised? Well, as many experts have said, chances are your information has already been compromised – if it was not found on this server, then it was almost certainly breached in some other attack. The best you can do is change your email passwords and make sure they are unique to each account. And do it with some frequency. And if you have the opportunity to use multi-factor authentication, take advantage of it. I know, it’s all old advice. But sometimes that’s the best.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba