- The recent record of 16 billion may not be as bad as it sounds
- Data sets probably contain previously filtered information
- However, those affected could still be at risk, so I am on guard
After the recent reports of more than 16 billion records that are filtered in a ‘unimaginable’ data violation, additional research has affirmed that the reality of the incident may not be as disastrous as it is thought for the first time.
After significant speculation about the effects and origins of the violation, the new findings of Bleepingcomter suggest that this “violation” may not be new, or even a violation, but only a compilation of existing filtered credentials.
Initial data sets discovered by the researchers included hordes of personal information, with each of the 30 data sets that contain between tens of millions, more than 3.5 billion data points, totaling 16 billion records. Now it seems likely that it was a series of data sets that simply contained violated credentials assembled by a cybersecurity firm (or by criminals) that was then exposed online.
Infants of infants to guilt
“Despite the buzz, there is no evidence that this compilation contains new or previously invisible data.” Bleepingcomputer Confirm.
The information of these data sets has probably been circulating for a while, and the design of the violated information suggests that it was collected using infants of infants, a type of malware that has become one of the most prolific threats for safety equipment and Internet users equally.
The information found in these data sets is formatted in such a way that I firmly point your finger at infants, with credentials that appear in a unique line per line (URL: Username: Password) All compiled in a ‘log’.
An attack by an infator can exfilt all credentials stored in a browser, and records are loaded and are generally sold in the dark network.
The criminals will often carry samples of their stolen data as a “tastor” to prove that the information is legitimate.
Since these infractions can sometimes contain billions of records, these samples often contain tens of thousands of credentials, and this data violation is probably a compilation of these tasters.
What to do next
New filtered credentials do not represent a great threat to those affected. If your information has leaked, be sure to take a look at the identity theft protection software, since criminals can use their name, address and details to eliminate credit cards or loans to your name.
Haveibeenpwned? It is probably the best resource to verify if your data has been affected, offering a decrease in each large cybercrime incident of recent years.
As a business, enabling multiple factors (MFA) and ensuring that all personnel are completely trained on the dangers and signs of social engineering attacks is key. The use of commercial password administrators can also help ensure that all user passwords are safe.
And if you keep the passwords on a Google account, you can use the Google password verification tool to see if any has committed, or register in one of the best password administrator options that we have rounded to make sure that its session is protected.
“If this news scares him, then his security program probably has some fundamental gaps,” argues James Shank, director of Operations of Threats at Expel.
“Let this be the fuel you need to position your department to solve the problem systematically, instead of defending the news of the day. There will always be another violation, with even more passwords, and emergency management will continue if you have no systematic defenses.”
