Largest ever collection of breached data posted to hacking forum – Netwrix comments
January 2019 by Netwrix
Today, it has been revealed that a store of 770m email addresses and passwords have been posted to a hacking forum. According to security researcher Troy Hunt, while most of the email addresses have appeared in previous data breaches, “there’s somewhere in the order of 140m email addresses … that have never been seen before”, pointing to either one large unreported breach or a combination or smaller ones.
Matt Middleton-Leal, Netwrix’s General Manager EMEA, has provided the following statement in response:
“Despite significant developments, both within the security industry itself and due to regulatory changes, the fact is that far too many data breaches go undiscovered – and undisclosed to the public – for months or even years, which may explain the 140m previously unseen email addresses found posted to the hacking forum. The Marriott data breach, as an example, is believed to have first occurred four years before it was revealed in November 2018. There are a number of ways in which businesses increase the likelihood of data breaches going unnoticed for some time, including siloed security systems and increased network complexity following mergers and acquisitions. As well as this, a lack of C-level support and ineffective incident response planning can restrict organisations’ ability to identify breaches in time before data can be extracted. This latest incident should provide yet another wake-up call to organisations regarding the consequences of lax security.”