Powered by MOMENTUM MEDIA

Not a breach: 16bn-strong ‘data leak’ is a gargantuan combolist

Contrary to media reports, the 16 billion credentials discovered are not from a fresh cyber attack, but have more likely been collated from previous incidents.

In what a number of major publications are calling a data breach motherlode, 16 billion stolen credentials have been discovered by security researchers.

The security team at CyberNews, which first reported the so-called “data breach”, discovered 30 databases containing a joint total of 16 billion records. The databases reportedly contained data belonging to Apple, Google, Facebook, GitHub, Telegram, and some government services, among other things.

The story has proven damaging, with a number of publications such as TechRadar, Forbes, ChannelNews, and more spreading word that this is data from previously unexposed databases collected from various info stealers.

However, moving past the misleading headlines will reveal that the data itself is likely not new.

Tech and cyber publication BleepingComputer points out that the credentials contained in these databases “were likely circulating for some time, if not for years,” and that there is no evidence to suggest that any of it is new, despite CyberNews’ claims.

Instead, these details, which were reportedly associated with info-stealer malware, were most likely collected by threat actors, cyber firms or even other researchers and put into the databases, which were discovered by CyberNews.

Info stealers are a type of malware that, after infecting a device, collects credentials, crypto and other data and exfiltrates it to the threat actor.

Info stealers are a massive problem and have led to countless breaches. However, the frequency with which they are launched means that many archives found online are sourced from info stealers and are often free. It very well could be the case that these databases contain credentials sourced from info-stealer attacks dating back years.

Regardless of whether the data is new or not, combolists like these present a very real risk. They are used for credential stuffing attacks, in which threat actors automatically brute force credentials into login pages to try to access accounts.

The credentials themselves could also be used to scam individuals, perform fraudulent actions and gain initial access, resulting in further breaches.

To combat these threats, users should have multifactor authentication (MFA) enabled on sites they have accounts for and use password managers and authentication programs, which prevent threat actors from logging into accounts even when they have the credentials.

Tools like Have I Been Pwned can also alert users to what breaches they may have been involved in, prompting password and credential changes.

If the data in this combolist is old, it is likely that some of it has already expired, with users deleting accounts, changing emails and passwords and more. However, due to the size of the database, users should remain cautious and vigilant and practice good cyber security.

Regarding the reporting, the cyber industry is already full of fear and disinformation. Cyber journalists and researchers have a responsibility to publish reports that are as accurate as can be and avoid fear-mongering, intentional or otherwise.

At the same time, real issues and concerns should be highlighted to advise the public on the best practice going forward when an incident does occur.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.