Freely subscribe to our NEWSLETTER

"It’s well-known that threat actors compile private copies of previous breaches to support their malicious activities. Breach data (credentials and sensitive personal data) on this scale is enormously useful for attacker techniques such as phishing, social engineering, and credential stuffing attacks, to name but a few.

"Basically this breach enables anyone with access to those records to get access to the history of major breaches without having to do any legwork themselves, and also access historically breached records that are no longer publicly available. Organisations and individuals who want to protect themselves from the risks associated with this mega breach should follow good cyber-security hygiene, such as:
• Never using the same password on multiple sites or applications
• Ensuring use of multi-factor authentication (MFA)
• Enforce use of strong passwords or move towards stronger forms of passwordless authentication
• Immediate forced password resets for any known breached credentials
• Implement strong Identity detection and response measures that can detect anomolous account behaviours
• Security awareness and training and security culture development programmes to shore up the huma element of cyber security from phishing and social engineering attacks
• Digital Risk/Dark Web monitoring to pick up quickly on leaked credentials and threat actor mentions
"If organisations or individuals don’t follow guidelines like these, they will be far more likely to suffer a data breach themselves as this massive data dump just increases the possibility and risk that more threat actors can find a piece of information that will enable them to breach their environment and gain a foothold inside. It’s always been the case that the lack of these basic cyber hygiene steps increases your risk, but the risks grows with the availability of such a massive compilation database of information readily available."