Collection 1 Breach Prompts Calls for Security Updates, Investment
Attivo Networks Blogs

Collection 1 Breach Prompts Calls for Security Updates, Investment

databreach-SCMag

While the Collection 1 data dump – a whopping 773 million unique emails – dazzled with its size, it also underscored the need to shift away from reliance on passwords and renewed calls for investments in more up-to-date and reliable security.

“The sheer size and almost certain impacts of “Collection 1” are historic, but unfortunately not surprising,” said Uniken CEO Bimal Gandhi, who noted that Albert Einstein’s wisdom, “the definition of insanity is doing the same thing over and over again, but expecting different results” applies to the security landscape.

“The continued reliance on outdated security methods such as using PII in authentication certainly fits that definition, given the proliferation of stolen and leaked PII now available on the dark web,” said Gandhi. “These 700+ million email addresses and millions of passwords – many unhashed – will inevitably be used in credential stuffing attacks that greatly harm both consumers and the financial/merchant/payments ecosystem for years to come.”

Adam Brown, manager of security solutions at Synopsis, recounted his own alarm after Security Researcher Troy Hunt revealed the Collection 1 breach. “I first saw this in the small hours and knowing what I know about security and how information is used in credential stuffing attacks I was unable to sleep until I’d checked my own credentials,” said Brown, who tapped into Hunt’s havibeenpwned.com site.

As vast as it is, the Collection 1 dataset is a microcosm of a larger sea of exposed data.

“As shocking as all this news may sound, these types of dumps are far more regular than most people would think. However, many so-called “new” dumps often contain old data seen in previous breaches so even though the numbers sound scary often the volume of actual new data is significantly lower,” said CEO of Authlogics, Steven Hope, CEO of Authlogics, whose analysts have found subsequent “new” data dumps, dubbed Collections #-#5, that total more than 784 GB, or nine times that data found in Collection #1.

Read more>>>

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

14 − 6 =

Ready to find out what’s lurking in your network?

Scroll to Top