There were hundreds of millions of email usernames and passwords that were breached and made available thanks to Russian hackers on the black market. According to Reuter’s Alex Holden, CIO revealed 272 million.
Most of these affected email accounts are with Mail.ru, which is the most popular email service provider in Russia. Google, Microsoft and Yahoo are affected, however not as severe as Mail.ru.
Hackers know that many users like to keep their favorite passwords. Attackers reuse old passwords found on old accounts to break into other accounts of the same user. It’s common to see a username/ password with the same credentials at a different organization.
Many sources reveal that this hacker is known as the “The Collector”, the methods used are unknown. His firm studies cyber threats in forums and chatrooms.
These notorious hackers noted that they find and target individuals that can be used multiple times. In other words, username/passwords that can be reused for different organizations. For example, it’s not recommended to use the same usernames for banking, email, e-commerce sites, with the same password combination.
Our engineers are not going to say, “Don’t change your password.” Based on the articles, such as Reuters, it sounds more like these were harvested accounts (Keyloggers on infected machines) than security breaches on servers. The moral of the story is to consider changing passwords regularly; stay away from reusing old passwords.
If an incident were to happen at an organization—the amount of negative PR is not worth it. Don’t let your organization become a target! Don’t let those audits sneak up on you, call now for a risk assessment.