Publisher
SparkUp
Following the emergence last week of a massive database of exposed emails and passwords dubbed as Collection #1, global cybersecurity company Kaspersky Lab strongly urged internet users to apply unique passwords for each of their online accounts to minimize the chances of being affected by data breaches.
In the Philippines, over the weekend, financial services firm Cebuana Lhuillier confirmed that about 900,000 people were affected in a data breach involving their email server used for marketing purposes.
According to Kaspersky Lab, leaks and breaches pose potentially massive risks and possible damages for account holders.
Malefactors collect the leaked information, creating databases with logins and passwords. Some of them try to add information from every leak to these databases, and that effort results in the creation of gigantic databases such as what www.troyhunt.com called Collection #1. This database contains more than 700 million unique email addresses and more than 1.1 billion unique login-password pairs from more than 2000 different leaks, some dating as far back as 2008 to most recent ones.
“This massive collection of data harvested through data breaches had been built up over a long period of time, so some of the account details are likely to be outdated now,” said Sergey Lozhkin, security expert at Kaspersky Lab. “However, it is no secret that despite growing awareness of the danger, people stick to the same passwords and even re-use them on multiple websites.”
“What’s more, this collection can be easily be turned into a single list of emails and passwords and then all that attackers need to do is to write a relatively simple software program to check if the passwords are working,” he said. “The consequences of account access can range from very productive phishing, as criminals can automatically send malicious emails to a victim’s list of contacts, to targeted attacks designed to steal victims’ entire digital identity or money or to compromise their social media network data.”
Experts at Kaspersky Lab said numerous leaks have been appearing over the past few years and a lot more are expected to happen in the future.
Lozhkin strongly recommends everyone who uses email credential for online activities to take the following steps as soon as possible: