Recently, a hacker stole hundreds of millions of user records and put them up for sale on the dark web for just a few thousand dollars, haunting cyberspace once again and exposing the yawning security gaps in the industry.
“We are now seeing the third database for sale on the Dream Market dark web marketplace. This set includes Gfycat, ClassPass, and six other companies with data from 92.76 million users, according to a report from ZDNet. As a company, you never want to open the daily news to see that your users’ data is for sale on the Dark Web for less than a thousand dollars… especially if you did not realize you had been breached in the first place,” said Amit Roy, executive vice president and regional head for EMEA at Paladion.
Cyber threats are inevitable, and companies must develop better detection and response capabilities so they can prevent catastrophic breaches like these. While organizations have been strengthening their preventive security controls, this incident emphasizes the need for deeper detection of incidents and faster response, so that threats are quarantined before they become breaches. Using AI alongside human intelligence in round-the-clock Managed Detection and Response services can help organizations detect and respond to such breaches faster.
“However, while this news is unfortunate, it is not surprising. The hacker behind these breaches, Gnosticplayers, has already sold over 840 million user records, and has even announced that there is more coming,” said Roy.
Dimitris Raekos, General Manager at ESET Middle East, explained that this number may sound big, but the number of people whose digital privacy was placed in jeopardy by some sort of data security issue in 2018 passed the two billion mark; just five organizations had exposed almost 1.8 billion records before the middle of the year. Raekos highlighted that “attackers will continue to ‘earn’ as much as possible, taking advantage of bugs, vulnerabilities and lack of security awareness by individuals.”
Expressing his views, Gavin Millard, VP of Intelligence at Tenable, said, “There appears to be a disconcerting trend developing of combining historic data breaches and packaging them up for sale on the dark web, as was evidenced earlier this year with 773 million records known as Collection #1 published. What is notable about this recent set of data is that there are several breaches from within the last year, some of which have already been publicly reported.”
Speaking with one voice, the industry experts suggest that password management is the major concern behind the rise of such incidents, and that organizations as well as individuals need to be more proactive in managing their passwords. Millard said, “Some companies have taken some novel steps to try to thwart credential stuffing attacks against their users by obtaining the breached data themselves and cross-referencing it against their own database. They can then warn users of password reuse or issue a password reset to ensure their accounts are protected from credential stuffing. Individuals can also take such precautions by visiting sites such as ‘https://haveibeenpwned.com/’ to determine if they have an account that has been compromised.”
“Of course, the best way to avoid credential stuffing attacks is to always create unique email and password combinations for every account. Doing this manually is untenable; hence, good practice is to always use a password manager that can create and store complex passwords and even alert users to compromised passwords found in data breaches,” said Millard.
Echoing a similar sentiment, Raekos said, “One good piece of advice for everybody is to use 2FA when possible, to not overuse their passwords and to change them often; in that sense they are also cutting ties with online services they do not use anymore and that might be compromised or sold to unknown third parties.”
Roy shared similar advice: “As a good practice, end users of the compromised websites should consider changing their account passwords, irrespective of whether or not their accounts have been compromised. In some cases, users must have already seen a forced request to change their login credentials.”
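The cross-referencing Millard describes above, sketched as an added example that is not from the article or from any company quoted in it: breached email and password pairs are checked against a site's own salted password hashes, and each affected account is marked for a forced reset or a warning. The PBKDF2 storage scheme, the function names and every sample record are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(password):
    # Hypothetical storage format: per-user random salt plus PBKDF2 hash.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def triage_breach(breach_records, user_store):
    """Map each affected local account to 'reset' or 'warn'.

    reset: a breached password verifies against our stored hash (reuse).
    warn:  the email is in the dump but no breached password matches.
    """
    actions = {}
    for email, leaked_password in breach_records:
        key = email.strip().lower()  # dumps are rarely normalized
        user = user_store.get(key)
        if user is None:
            continue  # not one of our accounts
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            actions[key] = "reset"  # reuse confirmed, overrides any 'warn'
        else:
            actions.setdefault(key, "warn")  # never downgrade a 'reset'
    return actions


# Constructed sample data: no real accounts or breach contents.
USER_STORE = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("Summer2018!"),
    "carol@example.com": make_user("xK9#unique-to-this-site"),
}
BREACH_RECORDS = [
    ("Bob@Example.com ", "Summer2018!"),
    ("alice@example.com", "hunter2"),
    ("alice@example.com", "correct horse battery"),
    ("dave@example.net", "letmein"),
]

if __name__ == "__main__":
    for account, action in sorted(triage_breach(BREACH_RECORDS, USER_STORE).items()):
        print(account, action)
```

Because the stored hashes are salted, each leaked password has to be re-hashed with the matching user's salt; the dump cannot simply be joined against the hash column.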