Experts On Seller Floods Hacker Forum With Data Stolen from 14 Companies

Bleeping Computer is reporting that a data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data breach brokers to sell them on their behalf. Over the past month, a known and reputable data breach broker has been selling numerous databases on hacker forums that they state were acquired in data breaches conducted in 2020.


EXPERTS COMMENTS
Javvad Malik, Security Awareness Advocate,  KnowBe4
July 01, 2020
Details around how and when these breaches occurred are unclear.
Details around how and when these breaches occurred are unclear. Many of the 14 companies listed haven't disclosed a breach, so it's difficult to determine the reliability of the data. However, if the breaches are correct, then this data gives a treasure trove of information to criminals who can use these usernames ad passwords to launch credential-stuffing attacks or use the information to send ....
[Read More >>]
Jamie Akhtar, CEO and Co-founder,  CyberSmart
July 01, 2020
These breaches are not just large companies.
These databases highlight how far-reaching and insidious data breaches can be. It is possible a company may not even know they were breached when they appear on these lists and yet they become even more vulnerable when they are. These breaches are not just large companies. Anyone can be a victim to a cyber attack and following basic cyber hygiene is especially important for those small businesses ....
[Read More >>]
Dr. Anton Grashion, EMEA Director ,  Corelight
July 01, 2020
The sooner suspicious activity is detected, the less time a hacker will have to exfiltrate sensitive information and user credentials.
Anyone whose details are included in this database of stolen credentials should obviously reset their passwords as a minimum response. It once again highlights that we need organisations to tackle the problem of malicious actors lurking undetected in their systems for significant periods of time. The sooner suspicious activity is detected, the less time a hacker will have to exfiltrate sensitive i ....
[Read More >>]
Trevor Morgan, Product Manager ,  comforte AG
June 30, 2020
Everybody is on edge anticipating the worst while hoping for the best possible outcome.
A data breach occurs. Information is extracted and sold. Potentially compromised data puts companies at risk for litigation, regulatory scrutiny, and reputational damage. Everybody is on edge anticipating the worst while hoping for the best possible outcome, while customers are wary and reticent to give out personal information in the future. It’s a common pattern with a very simple solution ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
June 30, 2020
The companies must now race against hackers to alert users who will likely face targeted phishing messages.
The most telling part of this dump is that 10 out of the 14 companies involved had not disclosed any data breaches prior. Those companies might not have known about the data breaches, or they might have been keeping it a secret. Depending on what country they\'re operating in, they might not be required to publicly disclose data breaches. Either way, the failure to announce data breaches and inf ....
[Read More >>]
Chris Hauk, Consumer Privacy Champion,  Pixel Privacy
June 30, 2020
The sale of data from data breaches underscores the need for online users to use unique passwords.
The sale of data from data breaches underscores the need for online users to use unique passwords on each and every one of their accounts. Password reuse opens the door to having even a single data breach open the door to having all of a user's accounts violated. ....
[Read More >>]
Chris Rothe, Co-founder and Chief Product Officer,  Red Canary
June 30, 2020
the marketplace for stolen credentials is alive and well despite everything we've done to protect data
It's sad that stories like this, where 100 million user records were leaked, barely make the news these days due to how common they are but that is the world we live it. It just goes to show that the marketplace for stolen credentials is alive and well despite everything we've done to protect data and disrupt attackers. ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
June 30, 2020
Users should avoid reusing the same password across different sites and be wary of unsolicited emails asking for data or payment.
Details around how and when these breaches occurred are unclear. Many of the 14 companies listed haven't disclosed a breach, so it's difficult to determine the reliability of the data. However, if the breaches are correct, then this data gives a treasure trove of information to criminals who can use these usernames ad passwords to launch credential-stuffing attacks or use the information to send ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article