Story image

Massive 2.2bil-username data dump leaked on dark web

01 Feb 2019

A second major data dump has hit the dark web in two weeks, compromising of 2.2 billion unique usernames and passwords.

The data dump has been dubbed Collection #2-5 and contains 845GB of data and over 25 billion unique records.

This makes the second leak three times bigger than the Collection #1 dump leaked last month, identified by Australian Cybersecurity expert Troy Hunt.

Wired reported that Collection #2-5 was discovered and has been analysed by security researchers at Germany’s Hasso Plattner Institute and cybersecurity firm Phosphorus.io.

Users can go to the Hasso Plattner Info Leak Checker to see if their email details and credentials have been compromised in the latest data dump.

OneSpan security competence centre and security strategy senior manager market Frederik Mennes says, “2.2 billion unique records is a staggering number.”

“We are becoming accustomed to breach notification news, but sad to say, the use of multi-factor authentication is still not utilised whenever and wherever possible.

“Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance,” Mennes says.

“Technology is evolving, and next-generation authentication, intelligent adaptive authentication, is gaining momentum.

“This technology utilises AI and machine learning to score vast amounts of data, and based on patterns, analyses the risk of a situation and adapts the security and required authentication accordingly.”

OneSpan innovation centre chief security architect Steven Murdoch says, “This password leak shows that large quantities of stolen passwords are readily available to anyone, regardless of how low their budget.

“However, data from recent breaches will be considerably more expensive to obtain. 

“Companies should recognise the limitations of password authentication and are in the best position to mitigate the weaknesses. They should implement additional measures, such as the detection of suspicious behaviour.

“Two-factor authentication, or even better, FIDO/U2F, should be offered to customers. Customers can also help by not re-using passwords across multiple sites and using a password manager if needed.

“The website TwoFactorAuth.org gives instructions on how to enable two-factor authentication on many popular sites, as enabling 2FA, and preferably FIDO/U2F, will significantly help to improve their security.

Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Why Aussie companies are struggling with data
The top culprits in poor data quality in Oz are human error, different data sources, lack of comms, inadequate strategy, and too much information.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Pure Storage expands enterprise data management solutions
It has integrated StorReduce technologies for a cloud-native back up platform, and expanded its data fabric solution for cloud-based applications.
Survey finds DC managers want more efficiency, not horsepower
More servers and more CPU power used to be the answer to boosting data centre performance, but it appears this is no longer the case.
GoCardless to double A/NZ team by end of year
With a successful E round of investment and continuing organic growth globally, the debit network platform company aims to expand its local presence.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
TechOne bringing solar lights to students in need
The company is partnering with charity SolarBuddy to bring solar-powered lights to children in energy poverty to alleviate study stress after dark.