Despite widespread media reports to the contrary, security researchers have confirmed that the 16 billion-strong so-called “data breach” said to contain new data is a combolist of old data.
Following a report by CyberNews last week, a number of publications echoed a story claiming that 30 databases, found to contain a total of 16 billion records, amounted to an info stealer “data breach” made up entirely of new data. These publications included Channel Nine, Forbes, TechRadar, ChannelNews, and more.
However, following a report by BleepingComputer, Cyber Daily reported that the so-called leak was actually a combolist with no evidence of new data.
Now, security researchers from Tenable have confirmed that the data has circulated across the dark web before.
“Firstly, this is not a new data breach. It’s the result of threat actors’ use of info-stealer malware that has silently scraped usernames and passwords during breaches,” said Bernard Montel, technical director and security strategist for Tenable.
“This data has been bundled, traded, and resurfaced across underground forums.”
However, Montel highlights that large quantities of data like this are still dangerous.
“Periodically, we see this type of database surface, demonstrating that hackers have access to our online identities. Using scripts [a small program written in a programming language such as Python, JavaScript, or Bash, that tells a computer step-by-step to do something] threat actors can trawl this treasure trove of information looking for patterns in passwords, but also credential reuse across multiple accounts.
“The latter is akin to a master key as it suggests the same combination will open multiple doors.”
Massive collections of data like this could be used for credential stuffing attacks, in which threat actors use automation to try the leaked credentials against login pages at scale in an attempt to access accounts.
The credentials themselves could also be used to scam individuals, commit fraud, and gain initial access, resulting in further breaches.
“For organisations, it’s about understanding that this is a potential risk if these records correlate with over-privileged identities. Identities are the new perimeter given that compromised identities are at the centre of nearly every successful cyberattack,” said Montel.
“Organisations must adopt an identity-first approach that continuously validates permissions and access to prevent identity-based attacks before they occur.”