Recently, yet another cybersecurity threat seemed to materialize and disseminate scores of sensitive information almost overnight. Accounts affected ranged from Google to Yahoo. Initially, experts feared that hundreds of millions of sensitive account numbers and passwords had been compromised.
Fortunately, reports of this most-recent cyber invasion appear to have been a bit inflated. As it turns out, a majority of the information was inaccurate and obtained from less-secure third-party sites. Many of the passwords were incorrect and the account numbers turned out to be obsolete. In fact, one of the email providers—Mail.ru, based in Russia—confirmed that only 0.018% of the email-password combinations were accurate and current.
Additionally, it wasn’t the large-scale attack as previously thought—it was a compilation of smaller data stashes from less-secure sites, made to look by a particularly savvy hacker like he had scored big time. The hacker—known in an online forum as “The Collector”—created a database from smaller compilations of hacked information to garner attention and get social media brownie points in return for offering up the stolen information.
Despite the fact that this latest cyber-security scare turned out not to be “the heist of all heists,” there is still an important lesson to be learned here: the speed and effectiveness with which the young Russian hacker spread the news of his corruption and the widespread response he received serves to remind us of what exactly can go wrong in those potential worst-case scenarios. If the hacker had gotten his hands on accurate data as the result of a large-scale attack, and the account information had been current—the speed with which he could have spread financial destruction would have been impressive. He could have breached massive amounts of clients’ personal information, at least temporarily.
The appropriate response here is not to simply look the other way regarding this seemingly bogus attack. A responsible approach to this type of situation is to take preemptive action against system vulnerabilities. Business users should make sure employees:
Additionally, all business users should protect sensitive password and account information by regularly updating and changing their online credentials—and never use the same information across multiple sites.
Perhaps most importantly, business users should take advantage of a website’s 2-factor (2FA) and multi-factor authentication options for even more enhanced password security. A multi-factor authentication process is based on three categories:
CITOC is the trusted choice when it comes to keeping our clients’ ahead of the latest information technology tips, tricks, and news. Contact us at (713) 490-5000 or send us an email at firstname.lastname@example.org for more information.